CVE-2020-19146
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the ‘TemplatePath’ parameter in the component ‘jfinal_cms/admin/folder/list’.
Source: CVE-2020-19146
CVE-2021-3797
hestiacp is vulnerable to Use of Wrong Operator in String Comparison
Source: CVE-2021-3797
CVE-2021-41076
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Source: CVE-2021-41076
CVE-2021-3794
vuelidate is vulnerable to Inefficient Regular Expression Complexity
Source: CVE-2021-3794
CVE-2021-3801
prism is vulnerable to Inefficient Regular Expression Complexity
Source: CVE-2021-3801
CVE-2021-39307
PDFTron’s WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code.
Source: CVE-2021-39307
CVE-2021-40845
The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory.
Source: CVE-2021-40845
CVE-2021-30137
Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application allows users to send JSON or XML data to the server. It was possible to inject malicious XML data through several access points.
Source: CVE-2021-30137
CVE-2021-27662
The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. This issue affects Johnson Controls KT-1 all versions up to and including 3.01.
Source: CVE-2021-27662