CVE-2021-23432
This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge().
Source: CVE-2021-23432
CVE-2021-23430
All versions of package startserver are vulnerable to Directory Traversal due to missing sanitization.
Source: CVE-2021-23430
CVE-2021-23431
The package joplin before 2.3.2 is vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms.
Source: CVE-2021-23431
CVE-2021-23429
All versions of package transpile are vulnerable to Denial of Service (DoS) due to a lack of input sanitization or whitelisting, coupled with improper exception handling in the .to() function.
Source: CVE-2021-23429
CVE-2021-23406
This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. **NOTE:** The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer.
Source: CVE-2021-23406
CVE-2021-39602
A Buffer Overflow vulnerability exists in Miniftpd 1.0 in the do_mkd function in the ftpproto.c file, which could let a remote malicious user cause a Denial of Service.
Source: CVE-2021-39602
CVE-2021-39599
Multiple Cross Site Scripting (XSS) vulnerabilities exist in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php.
Source: CVE-2021-39599
CVE-2021-36013
Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Source: CVE-2021-36013
CVE-2021-28596
Adobe Framemaker version 2020.0.1 (and earlier) and 2019.0.8 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Source: CVE-2021-28596
CVE-2021-39615
** UNSUPPORTED WHEN ASSIGNED ** D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the ‘/etc/passwd’ file. If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Source: CVE-2021-39615