Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 through 0.0.2 allows an attacker to cause a denial of service and may lead to remote code execution. Date published : 2021-05-25 https://github.com/RobLoach/nconf-toml/blob/8ade08cd1cfb9691ab7cc5c3514cc05c5085918f/index.js#L8 https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25946
Prototype pollution vulnerability in ‘deep-defaults’ versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution. Date published : 2021-05-25 https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25944
In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1 are vulnerable to Stored Cross-Site Scripting, since the function `add()` performs improper validation checks on the input sent...
In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1 are vulnerable to Stored Cross-Site Scripting, since the function `createRequisitionedNode()` does not perform any validation checks on the...
A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is not properly sanitized. This DNS...
Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to edit any description rendered using...
Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Date published : 2021-05-25 https://www.jenkins.io/security/advisory/2021-05-25/#SECURITY-2341 http://www.openwall.com/lists/oss-security/2021/05/25/3
Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Date published : 2021-05-25 https://www.jenkins.io/security/advisory/2021-05-25/#SECURITY-2340 http://www.openwall.com/lists/oss-security/2021/05/25/3
Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Date published : 2021-05-25 https://www.jenkins.io/security/advisory/2021-05-25/#SECURITY-2339 http://www.openwall.com/lists/oss-security/2021/05/25/3
A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured. Date published : 2021-05-25 https://security.gentoo.org/glsa/202107-16 https://bugzilla.redhat.com/show_bug.cgi?id=1928726
Cross-site request forgery in OpenOversight 0.6.4 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. Date published : 2021-05-25 https://www.tenable.com/security/research/tra-2021-18
An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe includes functionality to quarantine files by copying a suspected ransomware file from one directory to another using SYSTEM privileges. Because unprivileged users have...
An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe keeps a log in a folder where unprivileged users have write permissions. The logs are generated in a predictable pattern, allowing an unprivileged...
An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate from the GUI to...