|
194001
|
8.8 |
HIGH
Network
|
kaseya
|
vsa
|
The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId. Detailed description --- Given the following request: ``` GET …
|
CWE-89
SQL Injection
|
CVE-2021-30117
|
2024-11-21 15:03 |
2021-07-9 |
|
194002
|
9.8 |
CRITICAL
Network
|
kaseya
|
vsa_agent vsa_server
|
Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be down…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2021-30116
|
2024-11-21 15:03 |
2021-07-9 |
|
194003
|
7.5 |
HIGH
Network
|
apache oracle
|
cxf tomee business_intelligence communications_messaging_server communications_element_manager
|
A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming C…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2021-30468
|
2024-11-21 15:03 |
2021-06-16 |
|
194004
|
6.1 |
MEDIUM
Network
|
cloverdx
|
cloverdx
|
A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken pa…
|
CWE-79
Cross-site Scripting
|
CVE-2021-30133
|
2024-11-21 15:03 |
2021-06-10 |
|
194005
|
5.3 |
MEDIUM
Network
|
checkpoint
|
ssl_network_extender
|
SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have ac…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2021-30357
|
2024-11-21 15:03 |
2021-06-8 |
|
194006
|
9.8 |
CRITICAL
Network
|
aomedia fedoraproject
|
aomedia fedora
|
aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow.
|
CWE-120
Classic Buffer Overflow
|
CVE-2021-30475
|
2024-11-21 15:03 |
2021-06-4 |
|
194007
|
9.8 |
CRITICAL
Network
|
aomedia
|
aomedia
|
aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free.
|
CWE-416
Use After Free
|
CVE-2021-30474
|
2024-11-21 15:03 |
2021-06-3 |
|
194008
|
9.8 |
CRITICAL
Network
|
apache
|
dubbo
|
Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in ord…
|
NVD-CWE-noinfo
|
CVE-2021-30181
|
2024-11-21 15:03 |
2021-06-1 |
|
194009
|
9.8 |
CRITICAL
Network
|
apache
|
dubbo
|
Apache Dubbo prior to 2.7.9 supports Tag routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the…
|
CWE-444
HTTP Request Smuggling
|
CVE-2021-30180
|
2024-11-21 15:03 |
2021-06-1 |
|
194010
|
9.8 |
CRITICAL
Network
|
apache
|
dubbo
|
Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the ser…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-30179
|
2024-11-21 15:03 |
2021-06-1 |