CVE-2021-20083
Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.
Source: CVE-2021-20083
[월:] 2021년 04월
CVE-2021-20087
CVE-2021-20087
Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype.
Source: CVE-2021-20087
CVE-2021-20088
CVE-2021-20088
Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype.
Source: CVE-2021-20088
CVE-2021-22682
CVE-2021-22682
Cscape (All versions prior to 9.90 SP4) is configured by default to be installed for all users, which allows full permissions, including read/write access. This may allow unprivileged users to modify the binaries and configuration files and lead to local privilege escalation.
Source: CVE-2021-22682
CVE-2021-22678
CVE-2021-22678
Cscape (All versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing project files. This could lead to memory corruption. An attacker could leverage this vulnerability to execute code in the context of the current process.
Source: CVE-2021-22678
CVE-2021-22205
CVE-2021-22205
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
Source: CVE-2021-22205
CVE-2021-22207
CVE-2021-22207
Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file
Source: CVE-2021-22207
CVE-2021-22204
CVE-2021-22204
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
Source: CVE-2021-22204
CVE-2021-20084
CVE-2021-20084
Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) in jquery-sparkle 1.5.2-beta allows a malicious user to inject properties into Object.prototype.
Source: CVE-2021-20084
CVE-2021-29469
CVE-2021-29469
Node-redis is a Node.js Redis client. Before version 3.1.1, when a client is in monitoring mode, the regex begin used to detected monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. The issue is patched in version 3.1.1.
Source: CVE-2021-29469