CVE-2021-3272
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.
Source: CVE-2021-3272
[월:] 2021년 01월
CVE-2021-3317
CVE-2021-3317
KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.
Source: CVE-2021-3317
CVE-2021-3165
CVE-2021-3165
SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI.
Source: CVE-2021-3165
CVE-2013-2512
CVE-2013-2512
The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic.
Source: CVE-2013-2512
CVE-2021-1070
CVE-2021-1070
NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components into the root file system image, in which improper access control is applied, which may lead to an unprivileged user being able to modify system device tree files, leading to denial of service.
Source: CVE-2021-1070
CVE-2021-1071
CVE-2021-1071
NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead to information disclosure.
Source: CVE-2021-1071
CVE-2020-23776
CVE-2020-23776
A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header ‘HOST’ value to cause the server to send the request.
Source: CVE-2020-23776
CVE-2020-23774
CVE-2020-23774
A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed.
Source: CVE-2020-23774
CVE-2021-3309
CVE-2021-3309
packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store,
Source: CVE-2021-3309
CVE-2021-26272
CVE-2021-26272
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).
Source: CVE-2021-26272