| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 197271 | 5.3 | MEDIUM | Network | ibm | qradar_user_behavior_analytics | IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due to an overly permissive cross-domain policy. IBM X-Force ID: 196334. | CWE-863 Incorrect Authorization | CVE-2021-20429 | 2024-11-21 14:46 | 2021-05-15 |
| 197272 | 7.5 | HIGH | Network | ibm | qradar_user_behavior_analytics | IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This informati… | CWE-209 Information Exposure Through an Error Message | CVE-2021-20393 | 2024-11-21 14:46 | 2021-05-15 |
| 197273 | 6.1 | MEDIUM | Network | ibm | qradar_user_behavior_analytics | IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intend… | CWE-79 Cross-site Scripting | CVE-2021-20392 | 2024-11-21 14:46 | 2021-05-15 |
| 197274 | 3.3 | LOW | Local | ibm | qradar_user_behavior_analytics | IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999. | CWE-922 Insecure Storage of Sensitive Information | CVE-2021-20391 | 2024-11-21 14:46 | 2021-05-15 |
| 197275 | 5.4 | MEDIUM | Network | ibm | jazz_reporting_service | IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, … | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2021-20535 | 2024-11-21 14:46 | 2021-05-14 |
| 197276 | 7.5 | HIGH | Local | qemu debian | qemu debian_linux | A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating the… | CWE-362 Race Condition | CVE-2021-20181 | 2024-11-21 14:46 | 2021-05-14 |
| 197277 | 6.0 | MEDIUM | Local | qemu redhat debian | qemu enterprise_linux debian_linux | An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0 on aarch64 platform. The issue occurs because while writing … | - | CVE-2021-20221 | 2024-11-21 14:46 | 2021-05-14 |
| 197278 | 4.3 | MEDIUM | Network | redhat | jboss_enterprise_application_platform_expansion_pack jboss-ejb-client | A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vul… | CWE-200 Information Exposure | CVE-2021-20250 | 2024-11-21 14:46 | 2021-05-13 |
| 197279 | 4.9 | MEDIUM | Network | mongodb | c\#_driver | Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain s… | CWE-200 Information Exposure | CVE-2021-20331 | 2024-11-21 14:46 | 2021-05-13 |
| 197280 | 7.3 | HIGH | Local | redhat | keycloak | A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to t… | - | CVE-2021-20202 | 2024-11-21 14:46 | 2021-05-13 |