CVE-2021-25906
An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for Rust. When a TransformContent panic occurs, a double drop can be performed.
Source: CVE-2021-25906
[월:] 2021년 01월
CVE-2021-25905
CVE-2021-25905
An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory.
Source: CVE-2021-25905
CVE-2021-25904
CVE-2021-25904
An issue was discovered in the av-data crate before 0.3.0 for Rust. A raw pointer is dereferenced, leading to a read of an arbitrary memory address, sometimes causing a segfault.
Source: CVE-2021-25904
CVE-2021-25903
CVE-2021-25903
An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced.
Source: CVE-2021-25903
CVE-2021-25864
CVE-2021-25864
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.
Source: CVE-2021-25864
CVE-2021-25863
CVE-2021-25863
Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account.
Source: CVE-2021-25863
CVE-2021-22873
CVE-2021-22873
Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability.
Source: CVE-2021-22873
CVE-2021-22872
CVE-2021-22872
Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode parameters were still vulnerable.
Source: CVE-2021-22872
CVE-2021-22871
CVE-2021-22871
Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability.
Source: CVE-2021-22871
CVE-2021-21615
CVE-2021-21615
Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.
Source: CVE-2021-21615