CVE-2020-28477
This affects all versions of package immer.
Source: CVE-2020-28477
[월:] 2021년 01월
CVE-2021-22851
CVE-2021-22851
HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (document management page) to obtain database schema and data.
Source: CVE-2021-22851
CVE-2021-22850
CVE-2021-22850
HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions.
Source: CVE-2021-22850
CVE-2021-22852
CVE-2021-22852
HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (online registration) to obtain database schema and data.
Source: CVE-2021-22852
CVE-2021-3178
CVE-2021-3178
** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior.
Source: CVE-2021-3178
CVE-2021-3177
CVE-2021-3177
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.
Source: CVE-2021-3177
CVE-2021-20619
CVE-2021-20619
Cross-site scripting vulnerability in GROWI (v4.2 Series) versions prior to v4.2.3 allows remote attackers to inject an arbitrary script via unspecified vectors.
Source: CVE-2021-20619
CVE-2020-29450
CVE-2020-29450
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application’s availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0.
Source: CVE-2020-29450
CVE-2020-36192
CVE-2020-36192
An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can gain access to the Summary field of private Issues (either marked as Private, or part of a private Project), if they are attached to an existing Changeset. The information is visible on the view.php page, as well as on the list.php page (a pop-up on the Affected Issues id hyperlink). Additionally, if the attacker has "Update threshold" in the plugin’s configuration (set to the "updater" access level by default), then they can link any Issue to a Changeset by entering the Issue’s Id, even if they do not have access to it.
Source: CVE-2020-36192
CVE-2020-36193
CVE-2020-36193
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
Source: CVE-2020-36193