CVE-2021-41164
- EPSS 1.26%
- Veröffentlicht 17.11.2021 19:15:08
- Zuletzt bearbeitet 21.11.2024 06:25:38
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML by...
CVE-2021-41182
- EPSS 42.23%
- Veröffentlicht 26.10.2021 15:15:10
- Zuletzt bearbeitet 21.11.2024 06:25:41
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any str...
CVE-2021-41183
- EPSS 7.95%
- Veröffentlicht 26.10.2021 15:15:10
- Zuletzt bearbeitet 21.11.2024 06:25:42
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The v...
CVE-2021-41184
- EPSS 44.52%
- Veröffentlicht 26.10.2021 15:15:10
- Zuletzt bearbeitet 04.11.2025 16:15:43
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string v...
CVE-2021-35609
- EPSS 0.9%
- Veröffentlicht 20.10.2021 11:17:07
- Zuletzt bearbeitet 21.11.2024 06:12:38
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: SQR). Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows low privileged attacker with network access vi...
CVE-2021-35595
- EPSS 0.8%
- Veröffentlicht 20.10.2021 11:17:02
- Zuletzt bearbeitet 21.11.2024 06:12:36
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Business Interlink). Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with n...
CVE-2021-35568
- EPSS 0.82%
- Veröffentlicht 20.10.2021 11:16:50
- Zuletzt bearbeitet 21.11.2024 06:12:32
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor). Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with net...
CVE-2021-37136
- EPSS 5.65%
- Veröffentlicht 19.10.2021 15:15:07
- Zuletzt bearbeitet 21.11.2024 06:14:42
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an...
CVE-2021-37137
- EPSS 6.28%
- Veröffentlicht 19.10.2021 15:15:07
- Zuletzt bearbeitet 21.11.2024 06:14:43
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well...
CVE-2021-22946
- EPSS 4.22%
- Veröffentlicht 29.09.2021 20:15:08
- Zuletzt bearbeitet 16.04.2026 15:16:44
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This ...