Pottr:Real time threats

CVE-2021-27673

Severity: MEDIUM

Base Score: 4.8
Last Modified: 2022/05/23 22:42:00

Description: Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component.


CVE-2021-24122

Severity: MEDIUM

Base Score: 5.9
Last Modified: 2022/05/23 22:41:00

Description: When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.


CVE-2021-27291

Severity: HIGH

Base Score: 7.5
Last Modified: 2022/05/23 22:35:00

Description: In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.


CVE-2021-27308

Severity: MEDIUM

Base Score: 4.8
Last Modified: 2022/05/23 22:32:00

Description: A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the "redirect" parameter.


CVE-2021-27358

Severity: HIGH

Base Score: 7.5
Last Modified: 2022/05/23 22:32:00

Description: The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.