|
197741
|
7.5 |
HIGH
Network
|
ibm
|
cloud_pak_system
|
IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 19749…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2021-20479
|
2024-11-21 14:46 |
2022-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197742
|
6.5 |
MEDIUM
Network
|
ibm
netapp
|
cognos_analytics
oncommand_insight
|
IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813.
|
CWE-776
XML Entity Expansion
|
CVE-2021-20464
|
2024-11-21 14:46 |
2022-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197743
|
6.5 |
MEDIUM
Local
|
qemu
|
qemu
|
It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to i…
|
CWE-125
Out-of-bounds Read
|
CVE-2021-20295
|
2024-11-21 14:46 |
2022-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197744
|
3.7 |
LOW
Network
|
redhat
|
openshift_container_platform
openshift_machine-config-operator
|
It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint (port 22623…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2021-20238
|
2024-11-21 14:46 |
2022-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197745
|
6.1 |
MEDIUM
Network
|
redhat
|
keycloak
|
A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak.
|
CWE-79
Cross-site Scripting
|
CVE-2021-20323
|
2024-11-21 14:46 |
2022-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197746
|
6.1 |
MEDIUM
Local
|
theforeman
|
openscap
|
An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw…
|
CWE-863
Incorrect Authorization
|
CVE-2021-20290
|
2024-11-21 14:46 |
2022-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197747
|
7.5 |
HIGH
Network
|
openexr
debian
|
openexr
debian_linux
|
A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerabili…
|
-
|
CVE-2021-20299
|
2024-11-21 14:46 |
2022-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197748
|
5.5 |
MEDIUM
Local
|
redhat
|
ansible
|
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2021-20180
|
2024-11-21 14:46 |
2022-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197749
|
6.5 |
MEDIUM
Local
|
qemu
fedoraproject
redhat
debian
|
qemu
fedora
enterprise_linux
openstack_platform
enterprise_linux_for_power_little_endian
enterprise_linux_for_ibm_z_systems
codeready_linux_builder
debian_linux
|
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized wi…
|
-
|
CVE-2021-20257
|
2024-11-21 14:46 |
2022-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197750
|
5.5 |
MEDIUM
Local
|
kexec-tools_project
|
kexec-tools
|
A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The …
|
-
|
CVE-2021-20269
|
2024-11-21 14:46 |
2022-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
