CVE-2021-30808
This issue was addressed with improved checks. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A malicious application may be able to modify protected parts of the file system.
Source: CVE-2021-30808
[월:] 2021년 10월
CVE-2021-3745
CVE-2021-3745
flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type
Source: CVE-2021-3745
CVE-2021-22097
CVE-2021-22097
In Spring AMQP versions 2.2.0 – 2.2.18 and 2.3.0 – 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called.
Source: CVE-2021-22097
CVE-2021-22044
CVE-2021-22044
In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods.
Source: CVE-2021-22044
CVE-2021-22096
CVE-2021-22096
In Spring Framework versions 5.3.0 – 5.3.10, 5.2.0 – 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
Source: CVE-2021-22096
CVE-2021-22047
CVE-2021-22047
In Spring Data REST versions 3.4.0 – 3.4.13, 3.5.0 – 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration.
Source: CVE-2021-22047
CVE-2020-7875
CVE-2020-7875
DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution.
Source: CVE-2020-7875
CVE-2020-22312
CVE-2020-22312
A cross-site scripting (XSS) vulnerability was discovered in the OJ/admin-tool /cal_scores.php function of HZNUOJ v1.0.
Source: CVE-2020-22312
CVE-2021-41728
CVE-2021-41728
Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News247 CMS 1.0 via the search function in articles.
Source: CVE-2021-41728
CVE-2021-3576
CVE-2021-3576
Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to ‘NT AUTHORITYSystem. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client’s security context. This issue affects: Bitdefender Endpoint Security Tools versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 25.0.26.
Source: CVE-2021-3576