CVE-2021-32809
- EPSS 1.19%
- Veröffentlicht 12.08.2021 17:15:08
- Zuletzt bearbeitet 21.11.2024 06:07:47
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed to abuse paste functionali...
CVE-2021-32066
- EPSS 2.91%
- Veröffentlicht 01.08.2021 19:15:07
- Zuletzt bearbeitet 21.11.2024 06:06:47
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protecti...
- EPSS 1.48%
- Veröffentlicht 30.07.2021 14:15:16
- Zuletzt bearbeitet 21.11.2024 06:06:14
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.
CVE-2021-2375
- EPSS 1.03%
- Veröffentlicht 21.07.2021 15:15:34
- Zuletzt bearbeitet 21.11.2024 06:02:59
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime). Supported versions that are affected are 9.2.5.3 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network acces...
CVE-2021-2373
- EPSS 0.51%
- Veröffentlicht 21.07.2021 15:15:33
- Zuletzt bearbeitet 21.11.2024 06:02:59
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime). Supported versions that are affected are 9.2.5.3 and Prior. Easily exploitable vulnerability allows low privileged attacker with network access...
CVE-2021-2351
- EPSS 2.5%
- Veröffentlicht 21.07.2021 15:15:21
- Zuletzt bearbeitet 21.11.2024 06:02:56
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracl...
CVE-2021-31810
- EPSS 3.05%
- Veröffentlicht 13.07.2021 13:15:09
- Zuletzt bearbeitet 21.11.2024 06:06:16
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract inf...
CVE-2021-21409
- EPSS 4.94%
- Veröffentlicht 30.03.2021 15:15:14
- Zuletzt bearbeitet 21.11.2024 05:48:17
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerabi...
CVE-2021-3449
- EPSS 62.91%
- Veröffentlicht 25.03.2021 15:15:13
- Zuletzt bearbeitet 21.11.2024 06:21:33
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but incl...
CVE-2021-3450
- EPSS 18.34%
- Veröffentlicht 25.03.2021 15:15:13
- Zuletzt bearbeitet 21.11.2024 06:21:33
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly ...