|
199061
|
9.8 |
CRITICAL
Network
|
dell
|
openmanage_server_administrator
|
Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A …
|
CWE-287
Improper Authentication
|
CVE-2021-21513
|
2024-11-21 14:48 |
2021-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199062
|
9.8 |
CRITICAL
Network
|
fastify-http-proxy_project
|
fastify-http-proxy
|
fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the pr…
|
-
|
CVE-2021-21322
|
2024-11-21 14:48 |
2021-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199063
|
10.0 |
CRITICAL
Network
|
fastify-reply-from_project
|
fastify-reply-from
|
fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is pos…
|
-
|
CVE-2021-21321
|
2024-11-21 14:48 |
2021-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199064
|
4.3 |
MEDIUM
Network
|
matrix-react-sdk_project
|
matrix-react-sdk
|
matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected…
|
-
|
CVE-2021-21320
|
2024-11-21 14:48 |
2021-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199065
|
7.2 |
HIGH
Network
|
dell
|
emc_srs_policy_manager
|
SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A re…
|
CWE-611
XXE
|
CVE-2021-21517
|
2024-11-21 14:48 |
2021-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199066
|
5.4 |
MEDIUM
Network
|
dell
|
emc_sourceone
|
Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, to hijack user sessio…
|
CWE-79
Cross-site Scripting
|
CVE-2021-21515
|
2024-11-21 14:48 |
2021-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199067
|
4.4 |
MEDIUM
Local
|
zte
|
zxr10_8900e_firmware
|
A ZTE product has a memory leak vulnerability. Due to the product's improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optica…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2021-21724
|
2024-11-21 14:48 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199068
|
6.1 |
MEDIUM
Network
|
aiohttp
debian
fedoraproject
|
aiohttp
debian_linux
fedora
|
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based…
|
-
|
CVE-2021-21330
|
2024-11-21 14:48 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199069
|
5.3 |
MEDIUM
Network
|
vapor_project
|
vapor
|
Vapor is a web framework for Swift. In Vapor before version 4.40.1, there is a DoS attack against anyone who Bootstraps a metrics backend for their Vapor app. The following is the attack vector: 1. s…
|
-
|
CVE-2021-21328
|
2024-11-21 14:48 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199070
|
5.4 |
MEDIUM
Network
|
jenkins
|
artifact_repository_parameter
|
Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attacker…
|
CWE-79
Cross-site Scripting
|
CVE-2021-21622
|
2024-11-21 14:48 |
2021-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
