|
201141
|
7.8 |
HIGH
Local
|
theforeman
|
foreman
|
A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnera…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2021-20260
|
2024-11-21 14:46 |
2022-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201142
|
5.5 |
MEDIUM
Local
|
imagemagick
|
imagemagick
|
An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of r…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2021-20224
|
2024-11-21 14:46 |
2022-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201143
|
6.8 |
MEDIUM
Network
|
samba
debian
redhat
|
samba
debian_linux
virtualization_host
enterprise_linux
enterprise_linux_eus
enterprise_linux_tus
enterprise_linux_aus
|
A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of t…
|
CWE-362
Race Condition
|
CVE-2021-20316
|
2024-11-21 14:46 |
2022-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201144
|
7.5 |
HIGH
Network
|
openexr
|
openexr
|
A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest thre…
|
-
|
CVE-2021-20304
|
2024-11-21 14:46 |
2022-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201145
|
7.5 |
HIGH
Network
|
openexr
debian
|
openexr
debian_linux
|
A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest th…
|
CWE-787
Out-of-bounds Write
|
CVE-2021-20298
|
2024-11-21 14:46 |
2022-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201146
|
3.3 |
LOW
Local
|
ibm
|
jazz_team_server
|
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2021-20551
|
2024-11-21 14:46 |
2022-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201147
|
4.3 |
MEDIUM
Network
|
ibm
|
jazz_team_server
|
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system,…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2021-20544
|
2024-11-21 14:46 |
2022-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201148
|
5.4 |
MEDIUM
Network
|
ibm
|
jazz_team_server
|
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's We…
|
CWE-79
Cross-site Scripting
|
CVE-2021-20543
|
2024-11-21 14:46 |
2022-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201149
|
4.3 |
MEDIUM
Network
|
ibm
|
jazz_team_server
|
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system,…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2021-20421
|
2024-11-21 14:46 |
2022-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201150
|
5.3 |
MEDIUM
Network
|
ibm
|
jazz_team_server
|
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could explo…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2021-20355
|
2024-11-21 14:46 |
2022-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
