4559 matches found
PT-2021-17412 · Grafana +6 · Grafana +6
Name of the Vulnerable Software and Affected Versions: Grafana versions 6.7.3 through 7.4.1 Description: The snapshot feature in Grafana can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set. This issue is related...
PT-2021-13942 · IBM · IBM Security Verify Information Queue
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Information Queue versions 1.0.6 through 1.0.7 Description: The issue discloses sensitive information in source code that could be used in further attacks against the system. Recommendations: For versions 1.0.6 and 1.0.7,...
@byhuz/huz-ui-sigma (>=1.0.19 <=1.0.27), @deliverybot/client (>=0.7.0 <=0.7.2) +31 more potentially affected by CVE-2021-23327 via apexcharts (>=1.5.6 <=3.23.1)
apexcharts NPM version =1.5.6, =1.0.19, =0.7.0, =7.20.0, =2.3.0, =1.0.3, =0.0.1, =0.0.1, =0.0.1, =1.0.34, =1.1.0, =1.1.0-beta.0, =0.0.1, =0.0.7 - cx-web-core =1.0.18 and more Source cves: CVE-2021-23327 Source advisory: OSV:GHSA-W46J-8HM6-H8MM...
CVE-2020-5023
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data which could cause the service to crash due to excess resource consumption. IBM X-Force ID: 193659...
CVE-2021-21306
Marked is an open-source markdown parser and compiler npm package "marked". In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is...
DEBIAN-CVE-2020-36148
Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions e.g. in embedded environment...
fintalk-pkg (>=2.3.20 <=2.3.22) potentially affected by CVE-2021-21304 via dynamoose (=2.3.0)
dynamoose NPM version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on dynamoose and may be impacted: - fintalk-pkg =2.3.20, =2.3.22 Source cves: CVE-2021-21304 Source advisory: OSV:GHSA-RRQM-P222-8PH2...
libmysofa Code Issue Vulnerability
libmysofa is a lightweight C library for reading AES SOFA files. A null pointer dereference vulnerability exists in libmysofa 0.5 - 1.1. The vulnerability stems from the changeAttribute function failing to handle input data correctly. An attacker can exploit the vulnerability to cause segmentatio...
@pl-test/c (>=1.1.0 <=1.1.1), @pl-test/e (=1.1.0) +10 more potentially affected by CVE-2020-28495 via total.js (>=1.2.3 <=3.4.13)
total.js NPM version =1.2.3, =1.1.0, =0.1.5, =0.1.0, =4.0.0, =1.0.0, =0.0.1, =0.0.1, =0.0.4 Source cves: CVE-2020-28495 Source advisory: OSV:GHSA-6CF8-QHQJ-VJQM...
PT-2022-20313 · Lighttpd +1 · Lighttpd +1
Name of the Vulnerable Software and Affected Versions: Lighttpd versions 1.4.56 through 1.4.58 Description: The issue allows a remote attacker to cause a denial of service due to CPU consumption from stuck connections. This is because a typo in the connection_read_header_more function in...
aimmo (>=0.61.9 <=0.67.1b256), ambition-edc (>=0.3.68 <=0.3.72) +54 more potentially affected by CVE-2021-3281 via django (>=2.2.0 <=2.2.17)
django PYPI version =2.2.0, =0.61.9, =0.3.68, =0.14.0, =5.2.1, =0.1.0, =4.15.0, =4.15.0, =1.0.1, =0.0.1, =0.0.1, =2.0.0, =0.3.0a0, =0.4.0b1 and more Source cves: CVE-2021-3281 Source advisory: OSV:PYSEC-2021-9...
PT-2021-7854 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 5.6 through 5.11 Description: A time-of-check to time-of-use issue exists in the io_uring subsystem's IORING_OP_CLOSE operation, allowing a local user to elevate their privileges to root. This issue is related to...
myelin-engine (>=0.1.0 <=0.14.2), nphysics_testbed2d (>=0.1.0 <=0.10.0) +6 more potentially affected by unknown CVE via nphysics2d (>=0.10.3 <=0.9.4)
nphysics2d CARGO version =0.10.3, =0.1.0, =0.1.0, =0.5.0, =0.5.0, =0.5.0, =0.4.0, =0.0.2, =0.2.2, =0.11.3 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2021-0149...
CVE-2020-4682
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509...
IBM QRadar SIEM Code Issue Vulnerability
IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A server-side...
CVE-2020-35753
The job posting recommendation form in Persis Human Resource Management Portal Versions 17.2.00 through 17.2.35 and 19.0.00 through 19.0.20, when the "Recommend job posting" function is enabled, allows XSS via the SENDER parameter...
django-allauth-saml2 (>=0.1.0 <=0.2.0), django-saml2-auth (>=1.0.2 <=1.1.4) +8 more potentially affected by CVE-2021-21239 via pysaml2 (>=4.0.2 <=5.0.0)
pysaml2 PYPI version =4.0.2, =0.1.0, =1.0.2, =1.0.0, =0.16.11, =1.1.1, =12.0.2, =0.100.2, =0.6.1, =3.4.8 Source cves: CVE-2021-21239 Source advisory: OSV:PYSEC-2021-49...
django-allauth-saml2 (>=0.1.0 <=0.2.0), django-saml2-auth (>=1.0.2 <=1.1.4) +8 more potentially affected by CVE-2021-21238 via pysaml2 (>=4.0.2 <=5.0.0)
pysaml2 PYPI version =4.0.2, =0.1.0, =1.0.2, =1.0.0, =0.16.11, =1.1.1, =12.0.2, =0.100.2, =0.6.1, =3.4.8 Source cves: CVE-2021-21238 Source advisory: OSV:GHSA-F4G9-H89H-JGV9...
03-three_basic (=1.0.0), 3d-configurator-test (>=0.1.0 <=0.4.0) +2701 more potentially affected by CVE-2020-28478 via gsap (>=1.16.1 <=3.5.1)
gsap NPM version =1.16.1, =0.1.0, =1.29.0, =0.0.2, =1.0.0, =0.0.1, =8.0.1-para-beta.0, =13.351.0, =13.351.3, =7.10.0, =7.10.0, =0.0.2, =0.3.9 and more Source cves: CVE-2020-28478 Source advisory: OSV:GHSA-6G8V-HPGW-H2V7...
CVE-2021-2017
Vulnerability in the Oracle User Management product of Oracle E-Business Suite component: Proxy User Delegation. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Us...