CVE-2021-32014
SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (CPU consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js.
Source: CVE-2021-32014
[월:] 2021년 07월
CVE-2021-34817
CVE-2021-34817
A Cross-Site Scripting (XSS) issue in the chat component of Etherpad 1.8.13 allows remote attackers to inject arbitrary JavaScript or HTML by importing a crafted pad.
Source: CVE-2021-34817
CVE-2021-32013
CVE-2021-32013
SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 2 of 2).
Source: CVE-2021-32013
CVE-2021-32012
CVE-2021-32012
SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 1 of 2).
Source: CVE-2021-32012
CVE-2021-3279
CVE-2021-3279
sz.chat version 4 allows injection of web scripts and HTML in the message box.
Source: CVE-2021-3279
CVE-2021-31216
CVE-2021-31216
Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). An attacker with access to the Investigate installation can specify an arbitrary URL in the parameters of the image proxy route and fetch external URLs as the Investigate process on the host.
Source: CVE-2021-31216
CVE-2021-33027
CVE-2021-33027
Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce.
Source: CVE-2021-33027
CVE-2021-35964
CVE-2021-35964
The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access members’ information, modify and delete the courses in system, thus causing users fail to access the learning content.
Source: CVE-2021-35964
CVE-2021-35965
CVE-2021-35965
The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain administrator’s privilege without logging in.
Source: CVE-2021-35965
CVE-2021-35966
CVE-2021-35966
The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which causing the URL can be redirected to any website. Remote attackers can use the vulnerability to execute phishing attacks.
Source: CVE-2021-35966