Tag: NVD
-
CVE-2021-23417 – All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge fu …
All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge …
-
CVE-2021-20399 – IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML Exte …
IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity Injection (XXE) attack when …
-
CVE-2021-20562 – IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through …
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 vulnerable to cross-site scripting. …
-
CVE-2021-34432 – In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries …
In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = …
-
CVE-2021-32748 – Nextcloud Richdocuments in an open source self hosted online office. Nextcloud uses the WO …
Nextcloud Richdocuments in an open source self hosted online office. Nextcloud uses the WOPI ("Web Application Open Platform …
-
CVE-2021-32788 – Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two …
Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper …
-
CVE-2021-32796 – xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMPars …
xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions …
-
CVE-2021-21440 – Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not …
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) …
-
CVE-2021-21442 – In the project create screen it’s possible to inject malicious JS code to the certain fiel …
In the project create screen it’s possible to inject malicious JS code to the certain fields. The code might be executed in the Reporting …
-
CVE-2021-21443 – Agents are able to list customer user emails without required permissions in the bulk acti …
Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) …
-
CVE-2021-33900 – While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was …
While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication …
-
CVE-2021-36091 – Agents are able to list appointments in the calendars without required permissions. This i …
Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG ((OTRS)) Community Edition: …
●●●