CVE-2021-3819
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Source: CVE-2021-3819
[월:] 2021년 09월
CVE-2021-3828
CVE-2021-3822
CVE-2021-3822
jsoneditor is vulnerable to Inefficient Regular Expression Complexity
Source: CVE-2021-3822
CVE-2021-40103
CVE-2021-40103
An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF.
Source: CVE-2021-40103
CVE-2021-40106
CVE-2021-40106
An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field.
Source: CVE-2021-40106
CVE-2021-40098
CVE-2021-40098
An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external form by adding a regular expression.
Source: CVE-2021-40098
CVE-2021-40105
CVE-2021-40105
An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments.
Source: CVE-2021-40105
CVE-2021-40104
CVE-2021-40104
An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass.
Source: CVE-2021-40104
CVE-2021-0424
CVE-2021-0424
In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05393787.
Source: CVE-2021-0424
CVE-2021-0425
CVE-2021-0425
In memory management driver, there is a possible side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05400059.
Source: CVE-2021-0425