|
197771
|
7.8 |
HIGH
Local
|
vmware
|
rabbitmq
|
RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2021-22117
|
2024-11-21 14:49 |
2021-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197772
|
7.5 |
HIGH
Network
|
elastic
|
elastic_app_search
|
Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature. Using this vector, an attacker whose websit…
|
CWE-611
XXE
|
CVE-2021-22140
|
2024-11-21 14:49 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197773
|
6.5 |
MEDIUM
Network
|
elastic
|
kibana
|
Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size. An attacker with permissions to creat…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2021-22139
|
2024-11-21 14:49 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197774
|
3.7 |
LOW
Network
|
elastic
|
logstash
|
In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not…
|
CWE-295
Improper Certificate Validation
|
CVE-2021-22138
|
2024-11-21 14:49 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197775
|
5.3 |
MEDIUM
Network
|
elastic
|
elasticsearch
|
In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions whe…
|
CWE-281
Improper Preservation of Permissions
|
CVE-2021-22137
|
2024-11-21 14:49 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197776
|
3.5 |
LOW
Physics
|
elastic
|
kibana
|
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background pol…
|
CWE-613
Insufficient Session Expiration
|
CVE-2021-22136
|
2024-11-21 14:49 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197777
|
5.3 |
MEDIUM
Network
|
elastic
|
elasticsearch
|
Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The sug…
|
CWE-200
Information Exposure
|
CVE-2021-22135
|
2024-11-21 14:49 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197778
|
5.3 |
MEDIUM
Network
|
blackberry
|
unified_endpoint_management
|
An Information Disclosure vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially ga…
|
NVD-CWE-noinfo
|
CVE-2021-22154
|
2024-11-21 14:49 |
2021-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197779
|
7.3 |
HIGH
Local
|
blackberry
|
unified_endpoint_management
|
A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially caus…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2021-22153
|
2024-11-21 14:49 |
2021-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197780
|
5.5 |
MEDIUM
Local
|
blackberry
|
unified_endpoint_management
|
A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an…
|
CWE-20
Improper Input Validation
|
CVE-2021-22152
|
2024-11-21 14:49 |
2021-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
