|
197461
|
9.8 |
CRITICAL
Network
|
gryphonconnect
|
gryphon_tower_firmware
|
An unprotected ssh private key exists on the Gryphon devices which could be used to achieve root access to a server affiliated with Gryphon's development and infrastructure. At the time of discovery,…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2021-20146
|
2024-11-21 14:46 |
2021-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197462
|
7.5 |
HIGH
Network
|
gryphonconnect
|
gryphon_tower_firmware
|
Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices …
|
CWE-287
Improper Authentication
|
CVE-2021-20145
|
2024-11-21 14:46 |
2021-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197463
|
8.8 |
HIGH
Adjacent
|
gryphonconnect
|
gryphon_tower_firmware
|
An unauthenticated command injection vulnerability exists in the parameters of operation 49 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same n…
|
CWE-78
OS Command
|
CVE-2021-20144
|
2024-11-21 14:46 |
2021-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197464
|
8.8 |
HIGH
Adjacent
|
gryphonconnect
|
gryphon_tower_firmware
|
An unauthenticated command injection vulnerability exists in the parameters of operation 48 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same n…
|
CWE-78
OS Command
|
CVE-2021-20143
|
2024-11-21 14:46 |
2021-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197465
|
8.8 |
HIGH
Adjacent
|
gryphonconnect
|
gryphon_tower_firmware
|
An unauthenticated command injection vulnerability exists in the parameters of operation 41 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same n…
|
CWE-78
OS Command
|
CVE-2021-20142
|
2024-11-21 14:46 |
2021-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197466
|
8.8 |
HIGH
Adjacent
|
gryphonconnect
|
gryphon_tower_firmware
|
An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same n…
|
CWE-78
OS Command
|
CVE-2021-20141
|
2024-11-21 14:46 |
2021-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197467
|
8.8 |
HIGH
Adjacent
|
gryphonconnect
|
gryphon_tower_firmware
|
An unauthenticated command injection vulnerability exists in the parameters of operation 10 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same n…
|
CWE-78
OS Command
|
CVE-2021-20140
|
2024-11-21 14:46 |
2021-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197468
|
6.1 |
MEDIUM
Network
|
ibm
netapp
|
cognos_analytics
oncommand_insight
|
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality…
|
CWE-79
Cross-site Scripting
|
CVE-2021-20493
|
2024-11-21 14:46 |
2021-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197469
|
7.5 |
HIGH
Network
|
ibm
netapp
|
cognos_analytics
oncommand_insight
|
IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339.
|
CWE-521
Weak Password Requirements
|
CVE-2021-20470
|
2024-11-21 14:46 |
2021-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197470
|
7.5 |
HIGH
Network
|
ibm
|
qradar_security_information_and_event_manager
|
IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196074.
|
CWE-326
Inadequate Encryption Strength
|
CVE-2021-20400
|
2024-11-21 14:46 |
2021-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
