4559 matches found

Positive Technologies
added 2021/01/20 12:00 a.m. · 4 views

PT-2021-11738 · Cakephp · Cakephp

Name of the Vulnerable Software and Affected Versions: CakePHP versions 4.0.x through 4.1.3 Description: A vulnerability exists in the CsrfProtectionMiddleware component, allowing method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is n...

CVSS 8.8 · AI score 6.8 · EPSS 0.006
Exploits 0 · References 11
OSV
added 2021/01/11 10:15 a.m. · 1 view

DEBIAN-CVE-2020-17509

ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected...

CVSS 7.5 · AI score 7.3 · EPSS 0.01792
Exploits 0 · References 1
CNNVD
added 2021/01/08 12:00 a.m. · 5 views

IBM Spectrum Protect Plus Authorization Issue Vulnerability

IBM Spectrum Protect Plus is a data protection and availability solution for virtualized environments that can be deployed in minutes and protect your environment in less than an hour. A session fixation vulnerability exists in IBM Spectrum Protect Plus 10.1.0 - 10.1.6. The vulnerability stems fr...

CVSS 4.4 · AI score 6 · EPSS 0.00243
Exploits 0 · References 4
CNNVD
added 2021/01/08 12:00 a.m. · 2 views

IBM Spectrum Protect Plus Information Disclosure Vulnerability

IBM Spectrum Protect Plus is a data protection and availability solution for virtualized environments that can be deployed in minutes and protect your environment in less than an hour. An information disclosure vulnerability exists in IBM Spectrum Protect Plus 10.1.0 - 10.1.6. An attacker could...

CVSS 5.3 · AI score 6.2 · EPSS 0.00999
Exploits 0 · References 4
vulnersOsv
added 2021/01/07 12:00 p.m. · 2 views

LemoGUI (=0.0.1-nightly), a2d (>=0.1.0 <=0.1.11) +277 more potentially affected by CVE-2021-45688 via ash (>=0.24.4 <=0.32.1)

ash CARGO version =0.24.4, =0.1.0, =0.1.0, =0.0.1, =0.1.2, =0.1.0, =0.1.0, =0.5.4, =0.2.0, =0.1.0, =0.3.0 - amethyst-navigation =0.1.0 and more Source cves: CVE-2021-45688 Source advisory: OSV:RUSTSEC-2021-0090...

CVSS 9.8 · AI score 7.2 · EPSS 0.01345
Exploits 0
CNNVD
added 2020/12/29 12:00 a.m. · 2 views

Sahellebusch Flattenizer Security Vulnerability

Sahellebusch Flattenizer is a code library for flattening object variables based on the JavaScript language by the individual developer Sahellebusch. A security vulnerability exists in flattenizer versions 0.0.5 through 1.0.5, which can be exploited by an attacker to cause a denial of service and...

CVSS 9.8 · AI score 6.1 · EPSS 0.02977
Exploits 1 · References 3
CNNVD
added 2020/12/29 12:00 a.m. · 2 views

React Atomic Organism Security Vulnerability

React Atomic Organism is a codebase from the React Atomic team used to provide atomicity support for React applications. A security vulnerability in React Atomic Organism set-object-value versions 0.0.0 through 0.0.5 allows attackers to exploit the vulnerability for denial of service and...

CVSS 9.8 · AI score 6.1 · EPSS 0.03591
Exploits 1 · References 3
CNNVD
added 2020/12/29 12:00 a.m. · 7 views

Dominictarr Libnested Security Vulnerability

Dominictarr Libnested is a codebase from the Dominictarr individual developer that provides map, each, get, set, keys functions for base nested objects. A security vulnerability exists in libnested versions 0.0.0 through 1.5.0 that can be exploited by an attacker to cause a denial of service and...

CVSS 9.8 · AI score 6.1 · EPSS 0.0322
Exploits 1 · References 3
CNVD
added 2020/12/28 12:00 a.m. · 1 view

Jiransecurity Spamsniper Buffer Overflow Vulnerability

Jiransecurity Spamsniper is an integrated multifunctional e-mail security software from Jiransecurity, Korea. The software is equipped with features such as blocking spam, virus emails, anti-scam, mail server protection, management, archiving, and more. A buffer overflow vulnerability exists in...

CVSS 9.8 · AI score 8.2 · EPSS 0.0268
Exploits 0 · References 1
Positive Technologies
added 2020/12/28 12:00 a.m. · 6 views

PT-2020-17362 · Joomla · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla! versions 2.5.0 through 3.9.22 Description: An issue was discovered where the autosuggestion feature of com_finder did not respect the access level of the corresponding terms. Recommendations: For Joomla! versions 2.5.0 through 3.9.22,...

CVSS 7.5 · AI score 6.9 · EPSS 0.01316
Exploits 0 · References 6
CNNVD
added 2020/12/28 12:00 a.m. · 2 views

Joomla! Input Validation Error Vulnerability

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. An ACL write conflict vulnerability exists in Joomla! 1.7.0-3.9.22. The...

CVSS 7.5 · AI score 7.1 · EPSS 0.06095
Exploits 0 · References 2
vulnersOsv
added 2020/12/27 3:50 p.m. · 1 view

03-three_basic (=1.0.0), 3d-configurator-test (>=0.1.0 <=0.4.0) +2268 more potentially affected by CVE-2020-28478 via gsap (>=3.0.4 <=3.5.1)

gsap NPM version =3.0.4, =0.1.0, =0.0.2, =1.0.0, =0.0.1, =8.0.1-para-beta.0, =13.351.0, =13.351.3, =7.10.0, =7.10.0, =0.0.2, =0.0.1, =0.0.4 and more Source cves: CVE-2020-28478 Source advisory: SNYK:JS-GSAP-1054614...

CVSS 7.5 · AI score 7.2 · EPSS 0.016
Exploits 1
OSV
added 2020/12/27 2:15 a.m. · 1 view

CVE-2020-7845

Spamsniper 5.0 through 5.2.7 contains a stack-based buffer overflow vulnerability caused by improper boundary checks when parsing the MAIL FROM command. It allows a remote attacker to execute arbitrary code via a crafted packet...

CVSS 9.8 · AI score 7.9 · EPSS 0.0268
Exploits 0 · References 2
vulnersOsv
added 2020/12/24 8:49 p.m. · 4 views

@3wks/gae-node-nestjs (>=3.0.0 <=6.0.0-rc.0), @abujude/sgs-khadamati (>=1.1.8 <=1.3.1) +388 more potentially affected by CVE-2020-26289 via date-and-time (>=0.10.0 <=0.14.1)

date-and-time NPM version =0.10.0, =3.0.0, =1.1.8, =3.6.0, =0.0.0, =1.1.68, =0.1.3, =0.1.0-master.20191004191703, =1.4.1-atomist.a260p86nh.typescript-version.master.20190915212851, =0.1.0-master.20190930203939, =3.0.0-beta.14.1, =0.1.0, =2.0.0-pr.1, =0.0.1-alpha.1, =5.4.3 - @beautifulai/storage...

CVSS 7.5 · AI score 6.7 · EPSS 0.02146
Exploits 0
CNNVD
added 2020/12/22 12:00 a.m. · 2 views

IBM DB2 Security Vulnerability

IBM DB2 is a set of relational database management systems from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM DB2 9.7, 10.1, 10.5, 11.1, 11.5. A local attacker can...

CVSS 6.2 · AI score 6.7 · EPSS 0.00365
Exploits 0 · References 10
vulnersOsv
added 2020/12/21 4:28 p.m. · 4 views

ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), ai.hyacinth.framework:core-service-discovery-server (>=0.5.0 <=0.5.24) +5475 more potentially affected by CVE-2020-26258 via com.thoughtworks.xstream:xstream (>=1.1.1 <=1.4.14)

com.thoughtworks.xstream:xstream MAVEN version =1.1.1, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =Finchley.SR4, =1.0.0.RELEASE, =1.1.0.RELEASE, =1.0.0.RELEASE, =1.1.1.RELEASE, =0.3.3, =0.4.0, =0.4.2 and more Source cves: CVE-2020-26258 Source advisory: OSV:GHSA-4CCH-WXPW-8P28...

CVSS 7.7 · AI score 6.9 · EPSS 0.81442
Exploits 4
CNVD
added 2020/12/18 12:00 a.m. · 3 views

QuantConnect Lean Code Issue Vulnerability

Quantconnect Lean is a cross-platform algorithmic trading engine for strategy research, backtesting and real-time trading based on the C language from Quantconnect. A security vulnerability exists in QuantConnect Lean versions 2.3.0.0 through 2.4.0.1, which stems from a failure to securely...

CVSS 9.8 · AI score 6.9 · EPSS 0.01518
Exploits 1 · References 1
OSV
added 2020/12/16 9:15 p.m. · 1 view

CVE-2020-4658

IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...

CVSS 6.1 · AI score 6 · EPSS 0.00721
Exploits 0 · References 2
RedHat Linux
added 2020/12/15 5:27 p.m. · 0 views

mysql: InnoDB unspecified vulnerability (CPU Apr 2020)

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

CVSS 4.9 · AI score 7.3 · EPSS 0.0305
Exploits 0 · References 5
Microsoft CVE
added 2020/12/15 12:00 a.m. · 2 views

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

...

CVSS 7.5 · AI score 9.3 · EPSS 0.09917
Exploits 1