|
195421
|
6.1 |
MEDIUM
Network
|
pulsesecure
ivanti
|
pulse_connect_secure
connect_secure
|
A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2021-22936
|
2024-11-21 14:50 |
2021-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195422
|
7.2 |
HIGH
Network
|
pulsesecure
ivanti
|
pulse_connect_secure
connect_secure
|
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.
|
CWE-77
Command Injection
|
CVE-2021-22935
|
2024-11-21 14:50 |
2021-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195423
|
7.2 |
HIGH
Network
|
pulsesecure
ivanti
|
pulse_connect_secure
connect_secure
|
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overfl…
|
CWE-120
Classic Buffer Overflow
|
CVE-2021-22934
|
2024-11-21 14:50 |
2021-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195424
|
6.5 |
MEDIUM
Network
|
pulsesecure
ivanti
|
pulse_connect_secure
connect_secure
|
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.
|
CWE-22
Path Traversal
|
CVE-2021-22933
|
2024-11-21 14:50 |
2021-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195425
|
7.5 |
HIGH
Network
|
citrix
|
sharefile_storagezones_controller
|
An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously b…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2021-22932
|
2024-11-21 14:50 |
2021-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195426
|
9.8 |
CRITICAL
Network
|
nodejs
netapp
oracle
siemens
|
node.js
snapcenter
oncommand_workflow_automation
oncommand_insight
active_iq_unified_manager
nextgen_api
peoplesoft_enterprise_peopletools
graalvm
mysql_cluster
sinec_infra…
|
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js d…
|
CWE-20
Improper Input Validation
|
CVE-2021-22931
|
2024-11-21 14:50 |
2021-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195427
|
6.1 |
MEDIUM
Network
|
advantech
|
webaccess\/scada
|
UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session …
|
CWE-79
Cross-site Scripting
|
CVE-2021-22676
|
2024-11-21 14:50 |
2021-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195428
|
6.5 |
MEDIUM
Network
|
advantech
|
webaccess\/scada
|
The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions pr…
|
CWE-22
Path Traversal
|
CVE-2021-22674
|
2024-11-21 14:50 |
2021-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195429
|
7.0 |
HIGH
Local
|
huawei
|
magic_ui
emui
|
A component of the Huawei smartphone has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevation of Privileges.
|
CWE-415
Double Free
|
CVE-2021-22386
|
2024-11-21 14:50 |
2021-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195430
|
7.8 |
HIGH
Local
|
huawei
|
magic_ui
emui
|
A component of the Huawei smartphone has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2021-22385
|
2024-11-21 14:50 |
2021-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
