CVE-2020-18659
Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php
Source: CVE-2020-18659
[월:] 2021년 06월
CVE-2021-29620
CVE-2021-29620
Report portal is an open source reporting and analysis framework. Starting from version 3.1.0 of the service-api XML parsing was introduced. Unfortunately the XML parser was not configured properly to prevent XML external entity (XXE) attacks. This allows a user to import a specifically-crafted XML file which imports external Document Type Definition (DTD) file with external entities for extraction of secrets from Report Portal service-api module or server-side request forgery. This will be resolved in the 5.4.0 release.
Source: CVE-2021-29620
CVE-2021-33624
CVE-2021-33624
In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.
Source: CVE-2021-33624
CVE-2021-3526
CVE-2021-3526
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Source: CVE-2021-3526
CVE-2021-35438
CVE-2021-35438
phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator.
Source: CVE-2021-35438
CVE-2020-20392
CVE-2020-20392
SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php.
Source: CVE-2020-20392
CVE-2020-20391
CVE-2020-20391
Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets.
Source: CVE-2020-20391
CVE-2021-25950
CVE-2021-25950
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Source: CVE-2021-25950
CVE-2011-2926
CVE-2011-2926
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Source: CVE-2011-2926
CVE-2020-20389
CVE-2020-20389
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php.
Source: CVE-2020-20389