CVE-2021-33510
Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.
Source: CVE-2021-33510
[월:] 2021년 05월
CVE-2021-33512
CVE-2021-33512
Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.
Source: CVE-2021-33512
CVE-2021-33507
CVE-2021-33507
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.
Source: CVE-2021-33507
CVE-2021-33509
CVE-2021-33509
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.
Source: CVE-2021-33509
CVE-2021-33508
CVE-2021-33508
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.
Source: CVE-2021-33508
CVE-2021-33513
CVE-2021-33513
Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.
Source: CVE-2021-33513
CVE-2021-33511
CVE-2021-33511
Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel.
Source: CVE-2021-33511
CVE-2021-33500
CVE-2021-33500
PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. NOTE: the same attack methodology may affect some OS-level GUIs on Linux or other platforms for similar reasons.
Source: CVE-2021-33500
CVE-2008-3280
CVE-2008-3280
It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs.
Source: CVE-2008-3280
CVE-2021-21549
CVE-2021-21549
Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Request Forgery Vulnerability in XMS. A non-privileged attacker could potentially exploit this vulnerability, leading to a privileged victim application user being tricked into sending state-changing requests to the vulnerable application, causing unintended server operations.
Source: CVE-2021-21549