CVE-2021-43659
In halo 1.4.14, the avatar upload function accepts any file type; uploading an HTML file, for example, results in a stored XSS vulnerability.
Source: CVE-2021-43659
CVE-2021-43700
An issue was discovered in ApiManager 1.1. There is a SQL injection vulnerability that can be used in /index.php?act=api&tag=8.
Source: CVE-2021-43700
CVE-2022-1052
Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/radare2 prior to 5.6.6.
Source: CVE-2022-1052
CVE-2022-0145
Cross-site Scripting (XSS) – Stored in GitHub repository forkcms/forkcms prior to 5.11.1.
Source: CVE-2022-0145
CVE-2022-1061
Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8.
Source: CVE-2022-1061
CVE-2022-0315
Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0.
Source: CVE-2022-0315
CVE-2022-27820
OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server.
Source: CVE-2022-27820
CVE-2022-27811
GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename.
Source: CVE-2022-27811
CVE-2022-27083
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic.
Source: CVE-2022-27083
CVE-2022-27082
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetInternetLanInfo.
Source: CVE-2022-27082