CVE-2021-30502
The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand.
Source: CVE-2021-30502
[월:] 2021년 04월
CVE-2021-31712
CVE-2021-31712
react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS.
Source: CVE-2021-31712
CVE-2021-31794
CVE-2021-31794
Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header.
Source: CVE-2021-31794
CVE-2021-31795
CVE-2021-31795
The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for the Linux kernel, as used on Alcatel 1S phones, allows attackers to overwrite heap memory via PhysmemNewRamBackedPMR.
Source: CVE-2021-31795
CVE-2021-31598
CVE-2021-31598
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow.
Source: CVE-2021-31598
CVE-2021-31791
CVE-2021-31791
In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command.
Source: CVE-2021-31791
CVE-2021-29158
CVE-2021-29158
Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control.
Source: CVE-2021-29158
CVE-2020-7034
CVE-2020-7034
A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x
Source: CVE-2020-7034
CVE-2021-31584
CVE-2021-31584
Sipwise C5 NGCP CSC through CE_m39.3.1 allows call/click2dial CSRF attacks for actions with administrative privileges
Source: CVE-2021-31584
CVE-2020-7035
CVE-2020-7035
An XML External Entities (XXE)vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer includes all 7.x versions before 7.2.3.
Source: CVE-2020-7035