CVE-2021-21413
isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make…
Devamını oku
Day: Mart 30, 2021
CVE-2020-24995 (ffmpeg)
Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local). Devamını Oku
CVE-2020-24995
Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local). Devamını Oku
CVE-2020-24391 (mongo-express)
mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769. Devamını Oku
CVE-2020-24391
mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769. Devamını Oku
CVE-2021-21412
Potential for arbitrary code execution in npm package @thi.ng/egf `#gpg`-tagged property values (only if `decrypt: true` option is enabled). PR with patch has been submitted…
CVE-2021-20520 (engineering_insights, engineering_lifecycle_management, engineering_requirements_quality_assistant_on-premises, engineering_workflow_management, rational_engineering_lifecycle_manager, rational_team_concert)
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the…
CVE-2021-20518 (engineering_insights, engineering_lifecycle_management, engineering_requirements_quality_assistant_on-premises, engineering_workflow_management, rational_engineering_lifecycle_manager, rational_team_concert)
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the…
CVE-2021-20506 (engineering_insights, engineering_lifecycle_management, engineering_requirements_quality_assistant_on-premises, engineering_workflow_management, rational_engineering_lifecycle_manager, rational_team_concert)
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the…
CVE-2021-20504 (engineering_insights, engineering_lifecycle_management, engineering_requirements_quality_assistant_on-premises, engineering_workflow_management, rational_engineering_lifecycle_manager, rational_team_concert)
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the…