
4559 matches found

OSV
added 2021/03/23 5:15 p.m., 1 view

ALPINE-CVE-2021-20270

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword...

CVSS 7.5, AI score 6.7, EPSS 0.02707
Exploits: 0, References: 1
OSV
added 2021/03/19 8:11 p.m., 1 view

GHSA-JGWR-3QM3-26F3 Potential remote code execution in Apache Tomcat

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0 to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the...

CVSS 7, AI score 6.7, EPSS 0.09491
Exploits: 15, References: 21
vulnersOsv
added 2021/03/18 8:30 p.m., 1 view

ambition-edc (>=0.3.68 <=0.3.72), boorunaut (=0.4.3) +46 more potentially affected by CVE-2020-24583 via django (>=2.2.0 <=2.2.15)

django PYPI version =2.2.0, =0.3.68, =5.2.1, =0.1.0, =1.0.1, =0.0.1, =0.0.1, =2.0.0, =0.3.0a0, =0.4.0b1 - django-dicom =0.0.1 - django-gov-notify =0.1.0 - django-htmx-rest =0.0.1b1 - django-ios-storekit =1.0.6 and more Source cves: CVE-2020-24583 Source advisory: OSV:GHSA-M6GJ-H9GM-GW44...

CVSS 7.5, AI score 7, EPSS 0.03969
Exploits: 0
vulnersOsv
added 2021/03/18 8:29 p.m., 0 views

atila-vue (>=0.1.3 <=0.1.3.5), contrail (>=0.3.0 <=1.0.2) +28 more potentially affected by CVE-2021-3281 via django (>=3.0.0 <=3.0.11)

django PYPI version =3.0.0, =0.1.3, =0.3.0, =0.1.1, =0.0.1, =0.0.1, =0.2.1, =0.8.0, =0.7.0, =0.10.0, =0.5.0, =0.6.4 and more Source cves: CVE-2021-3281 Source advisory: OSV:GHSA-FVGF-6H6H-3322...

CVSS 5.3, AI score 6.7, EPSS 0.07605
Exploits: 1
OSV
added 2021/03/18 7:27 p.m., 2 views

GHSA-5FVX-2JJ3-6MFF Insufficiently Protected Credentials in Elasticsearch

Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive request headers of other users in...

CVSS 4.8, AI score 7.2, EPSS 0.01241
Exploits: 0, References: 4
OSV
added 2021/03/11 1:15 a.m., 2 views

UBUNTU-CVE-2020-1900

When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32....

CVSS 9.8, AI score 5.8, EPSS 0.01384
Exploits: 0, References: 4
CNNVD
added 2021/03/11 12:00 a.m., 3 views

Bloomreach Experience Manager security vulnerability

Bloomreach Experience Manager is an application from Bloomreach (USA) that provides AI-driven search and merchandising tools. A security vulnerability exists in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2, which originates from a vulnerability that could allow a remote attacker to...

CVSS 9, AI score 7.5, EPSS 0.03519
Exploits: 1, References: 2
Positive Technologies
added 2021/03/11 12:00 a.m., 3 views

PT-2022-6828 · Haproxy +6

Name of the Vulnerable Software and Affected Versions: HAProxy versions 2.1 through 2.7 before 2.7.1; HAProxy version 2.2 before 2.2.27; HAProxy version 2.3; HAProxy version 2.4 before 2.4.21; HAProxy version 2.5 before 2.5.11; HAProxy version 2.6 before 2.6.8. Description: An information leak issue wa...

CVSS 9.1, AI score 6.6, EPSS 0.60727
Exploits: 6, References: 63
CNNVD
added 2021/03/10 12:00 a.m., 3 views

Weseek GROWI cross-site scripting vulnerability

Weseek GROWI is a suite of team collaboration software from Weseek Japan. A stored cross-site scripting vulnerability exists in the administrator page in GROWI 4.2.0 - 4.2.7. An attacker can exploit this vulnerability to execute arbitrary script in a logged-in user's web browser...

CVSS 4.8, AI score 5.6, EPSS 0.00754
Exploits: 0, References: 4
Positive Technologies
added 2021/03/10 12:00 a.m., 3 views

PT-2021-7335 · Avahi +8

Name of the Vulnerable Software and Affected Versions: Avahi versions 0.6 up to 0.8. Description: The issue is related to the client work function in the Avahi service discovery system, which can lead to an infinite loop due to a condition with no exit. This can be exploited by an attacker to caus...

CVSS 9.1, AI score 7.1, EPSS 0.59223
Exploits: 10, References: 123
CNVD
added 2021/03/05 12:00 a.m., 8 views

Joomla! cross-site scripting vulnerability (CNVD-2021-15050)

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site scripting vulnerability exists in Joomla! 2.5.0 - 3.9.24. The...

CVSS 6.1, AI score 5.9, EPSS 0.00942
Exploits: 0, References: 1
Positive Technologies
added 2021/03/04 12:00 a.m., 2 views

PT-2021-15386 · Joomla · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.2.0 through 3.9.24. Description: An issue was discovered in the template manager due to missing input validation. Recommendations: For versions 3.2.0 through 3.9.24, update to a version that includes input validation in the...

CVSS 7.5, AI score 7.2, EPSS 0.01546
Exploits: 0, References: 6
Positive Technologies
added 2021/03/04 12:00 a.m., 3 views

PT-2021-15384 · Joomla · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla! versions 2.5.0 through 3.9.24. Description: An issue was discovered that could lead to XSS issues due to missing filtering of messages shown to users. Recommendations: For Joomla! versions 2.5.0 through 3.9.24, update to a version that...

CVSS 6.1, AI score 7.2, EPSS 0.00942
Exploits: 0, References: 5
vulnersOsv
added 2021/03/03 2:23 a.m., 1 view

matrix-react-skin (>=0.0.1 <=0.0.2), vector-web (=0.3.0) potentially affected by CVE-2021-21320 via matrix-react-sdk (>=0.0.1 <=0.2.0)

matrix-react-sdk NPM version =0.0.1, =0.0.1, =0.0.2 - vector-web =0.3.0 Source cves: CVE-2021-21320 Source advisory: OSV:GHSA-52MQ-6JCV-J79X...

CVSS 4.3, AI score 5.8, EPSS 0.00922
Exploits: 0
CNNVD
added 2021/03/02 12:00 a.m., 2 views

Joomla path traversal vulnerability

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A path traversal vulnerability exists in Joomla! 3.0.0 - 3.9.24. An attacker can...

CVSS 5.5, AI score 5.7, EPSS 0.01161
Exploits: 0, References: 3
CNNVD
added 2021/03/01 12:00 a.m., 4 views

Apache Tomcat information disclosure vulnerability

Apache Tomcat is a lightweight web application server from the Apache Foundation (United States). The program implements support for Servlet and JavaServer Pages (JSP). An information disclosure vulnerability exists in Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to...

CVSS 7.5, AI score 7, EPSS 0.18114
Exploits: 15, References: 47
CNNVD
added 2021/03/01 12:00 a.m., 3 views

object-collider security vulnerability

object-collider is an open source application by Vladyslav Tkachenko. It provides the ability to merge original old objects without source code modification, and optionally provide custom merge behavior for each specific sub-path. A security vulnerability exists in object-collider...

CVSS 9.8, AI score 8.8, EPSS 0.03702
Exploits: 1, References: 3
vulnersOsv
added 2021/02/19 3:54 p.m., 0 views

960.css (=1.0.0), @4site/engrid-styles (>=0.2.19 <=0.2.24) +124 more potentially affected by CVE-2021-23343 via path-parse (>=1.0.5 <=1.0.6)

path-parse NPM version =1.0.5, =0.2.19, =0.1.1, =7.0.0, =0.2.0, =0.17.0, =0.17.0, =0.19.0, =0.17.0, =0.23.0, =0.17.0, =0.17.0, =0.17.1 - @choerodon/issue =0.17.0 and more Source cves: CVE-2021-23343 Source advisory: SNYK:JS-PATHPARSE-1077067...

CVSS 7.5, AI score 6.7, EPSS 0.02218
Exploits: 1
vulnersOsv
added 2021/02/18 4:15 p.m., 3 views

angleview (=0.0.0.dev1), bacant (=3.4.0) +61 more potentially affected by CVE-2020-28463 via reportlab (>=3.1.44 <=3.5.53)

reportlab PYPI version =3.1.44, =0.0.1.dev1, =1.1.1, =1.0.0, =2.0.1.16012810, =2.0.1.16012810, =2.0.1.16012810, =0.7.0, =0.1.0, =0.0.2, =1.1.0, =1.3.0 - invenio-testing =0.1.1 and more Source cves: CVE-2020-28463 Source advisory: OSV:PYSEC-2021-146...

CVSS 6.5, AI score 6.7, EPSS 0.01487
Exploits: 1
CNNVD
added 2021/02/17 12:00 a.m., 3 views

Cisco StarOS operating system resource management error vulnerability

Cisco StarOS is a router operating system that controls the entire system logic and can control processes and CLIs. A denial of service vulnerability exists in the SSH service for Cisco StarOS 21.9.0 - 21.19.10. The vulnerability stems from a logic error that can occur under certain traffic...

CVSS 7.5, AI score 7.1, EPSS 0.0145
Exploits: 0, References: 3