CVE-2020-28902
Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php.
Source: CVE-2020-28902
[월:] 2021년 05월
CVE-2020-28901
CVE-2020-28901
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php.
Source: CVE-2020-28901
CVE-2020-28900
CVE-2020-28900
Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh.
Source: CVE-2020-28900
CVE-2020-26006
CVE-2020-26006
Project Worlds Online Examination System 1.0 is affected by Cross Site Scripting (XSS) via account.php.
Source: CVE-2020-26006
CVE-2021-21988
CVE-2021-21988
VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (JPEG2000 Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.
Source: CVE-2021-21988
CVE-2021-21989
CVE-2021-21989
VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.
Source: CVE-2021-21989
CVE-2021-3559
CVE-2021-3559
A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the ‘nodedev-list’ virsh command. The highest threat from this vulnerability is to system availability.
Source: CVE-2021-3559
CVE-2021-21987
CVE-2021-21987
VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.
Source: CVE-2021-21987
CVE-2021-24298
CVE-2021-24298
The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS
Source: CVE-2021-24298
CVE-2021-24332
CVE-2021-24332
The Autoptimize WordPress plugin before 2.8.4 was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues
Source: CVE-2021-24332