319 matches found
Docebo Community Edition SQL Injection Vulnerability
Docebo Community Edition is a learning suite from Docebo Canada. A SQL injection vulnerability exists in Docebo Community Edition version v4.0.5 and prior versions, which stems from the inclusion of a SQL injection vulnerability...
Mattermost Server does not neutralize HTML content in an Email template field
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized...
CVE-2022-30551
creationtimestamp | type | source
---|---|---
2022-05-20 16:36:40+00:00 | seen | https://t.me/cibsecurity/43049...
be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +215 more potentially affected by CVE-2015-5209 via org.apache.struts:struts2-core (>=2.0.5 <=2.3.24)
org.apache.struts:struts2-core MAVEN version =2.0.5, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =0.5.9, =1.2.0, =1.0.0, =1.2.6 and more Source cves: CVE-2015-5209 Source advisory: OSV:GHSA-4QGJ-9MVG-3929...
CVE-2022-0514
Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5...
CVE-2021-27756
"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."...
CVE-2022-23319
A segmentation fault during PCF file parsing in pcf2bdf versions =1.05 allows an attacker to trigger a program crash via a specially crafted PCF font file. This crash affects the availability of the software and dependent downstream components...
@acanto/components (>=0.0.2 <=0.0.73), @acanto/components-header-subnav (>=0.0.2 <=0.0.37) +51 more potentially affected by CVE-2021-23702 via object-extend (=0.5.0)
object-extend NPM version =0.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on object-extend and may be impacted: - @acanto/components =0.0.2, =0.0.2, =0.0.2, =0.0.3, =0.0.2, =0.0.2, =0.0.17, =0.0.2, =0.0.2, =0.0.65, =0.0.2, =0.0.2, =0.0.2, =0.0.4,...
CVE-2021-37565
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds read...
CVE-2021-36878
Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin versions = 2.0.5 makes it possible for attackers to update settings...
UBUNTU-CVE-2021-3605
There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability...
CVE-2021-22907
An improper access control vulnerability exists in Citrix Workspace App for Windows that potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4...
Siemens Tecnomatix RobotExpert Security Vulnerability
Siemens Tecnomatix RobotExpert is a software application from Siemens, Germany. It provides support for unique industry applications such as mounting, arc welding, polishing, gluing and others. A security vulnerability exists in Siemens Tecnomatix RobotExpert. The vulnerability stems from the...
Squid Input Validation Error Vulnerability
Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. Squid suffers from an input validation error vulnerability. The vulnerability stems from an incorrect memory managemen...
CVE-2021-20018
A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier...
SonicWall SMA100 OS Command Injection Vulnerability
The SonicWall SMA100 is a secure access gateway appliance from SonicWALL USA. An operating system command injection vulnerability exists in SonicWall SMA100 version 10.2.0.5 and earlier versions, which can be exploited by an authenticated attacker to execute operating system commands on the targe...
CVE-2020-25037
UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admin user privileges via an escape from a restricted command...
PT-2021-11705 · Harbor · Harbor
Name of the Vulnerable Software and Affected Versions: Harbor versions 2.0 through 2.0.4; Harbor versions 2.1.x through 2.1.1. Description: The catalog's registry API is exposed on an unauthenticated path, allowing bypass of authorization. The vulnerable API endpoint is "GET /v2/_catalog/" which ca...
CVE-2020-27715
On BIG-IP 15.1.0-15.1.0.5 and 14.1.0-14.1.3, a crafted TLS request to the BIG-IP management interface via port 443 can cause high (100%) CPU utilization by the httpd daemon...
Malwarebytes Endpoint Protection Backlink Vulnerability
Malwarebytes Endpoint Protection is an endpoint protection software from the US-based Malwarebytes Inc. The software provides complete malware protection and remediation with accurate threat detection, proactive threat blocking, and thorough remediation. A security vulnerability exists in...