Category: NIST Vulnerabilities

CVE-2021-23446

The package handsontable before 10.0.0; the package handsontable from 0 and before 10.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) in Handsontable.helper.isNumeric function.…


CVE-2021-25961

In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that are associated with a deleted user id,…


CVE-2021-25962

“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in…


CVE-2021-25959

In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution…


CVE-2021-25960

In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by “CSV Injection” vulnerability (Formula Injection). A low privileged attacker can use accounts…


CVE-2021-33923

Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5.5.2 and 6.0.0 allow local attackers to access some sensitive information (private keys, state database).
