CVE-2021-0114
Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access.
Source: CVE-2021-0114
[월:] 2021년 08월
CVE-2020-18705
CVE-2020-18705
XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component ‘quokka/core/content/views.py’.
Source: CVE-2020-18705
CVE-2020-18704
CVE-2020-18704
Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote attackers to execute arbitrary code via the ‘image’ widget in the component ‘Change Widgy Page’.
Source: CVE-2020-18704
CVE-2020-18703
CVE-2020-18703
XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component ‘quokka/utils/atom.py’.
Source: CVE-2020-18703
CVE-2020-18702
CVE-2020-18702
Cross Site Scripting (XSS) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the ‘Username’ parameter in the component ‘quokka/admin/actions.py’.
Source: CVE-2020-18702
CVE-2020-18699
CVE-2020-18699
Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the the ‘Username’ parameter of the in component ‘app/api/cms/user.py’.
Source: CVE-2020-18699
CVE-2020-18698
CVE-2020-18698
Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the ‘login’ function in the component ‘app/api/cms/user.py’.
Source: CVE-2020-18698
CVE-2020-18701
CVE-2020-18701
Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user’s authentication token upon logout, which allows for replaying packets.
Source: CVE-2020-18701
CVE-2021-38758
CVE-2021-38758
Directory traversal in Online Catering Reservation System due to lack of validation in index.php.
Source: CVE-2021-38758
CVE-2021-38757
CVE-2021-38757
Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php.
Source: CVE-2021-38757