Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-28488 PUBLISHED: 2021-01-22
This affects all versions of package jquery-ui; all versions of package org.fujion.webjars:jquery-ui. When the "dialog" is injected into an HTML tag more than once, the browser and the application may crash.
CVE-2021-22847 PUBLISHED: 2021-01-22
Hyweb HyCMS-J1's API fails to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege.
CVE-2021-22849 PUBLISHED: 2021-01-22
Hyweb HyCMS-J1 backend editing function does not filter special characters. Users after log-in can inject JavaScript syntax to perform a stored XSS (Stored Cross-site scripting) attack.
CVE-2020-8567 PUBLISHED: 2021-01-21
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
CVE-2020-8568 PUBLISHED: 2021-01-21
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that conta...