CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 3

A reflected cross-site scripting (XSS) vulnerability in the web server Tiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's "404 Page not Found" error page. Tiny Java Web Server and Servlet Container versions 1.115 and below suffer from a cross site scripting vulnerability.
• http://packetstormsecurity.com/files/163825/Tiny-Java-Web-Server-1.115-Cross-Site-Scripting.html
• http://seclists.org/fulldisclosure/2021/Aug/13
• https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-042.txt
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

An issue was discovered in the tiny_future crate before 0.4.0 for Rust. Future<T> does not have bounds on its Send and Sync traits.
• https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/tiny_future/RUSTSEC-2020-0118.md
• https://rustsec.org/advisories/RUSTSEC-2020-0118.html
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 6.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header.
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M3JDNRE5RXJOWZZZF5QSCG4GUCSLTHF2
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VO6SRTCEPEYO2OX647I3H5XUWLFDRDWL
• https://rustsec.org/advisories/RUSTSEC-2020-0031.html
• CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function.
• https://snyk.io/vuln/SNYK-JS-TINYCONF-598792
• CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSS: 6.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode.
• https://labs.bishopfox.com/advisories/tinymce-version-5.2.1
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')