| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Last modified | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 195921 | 9.8 | CRITICAL | Network | advantech | iview | Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'. | CWE-89 SQL Injection | CVE-2021-22658 | 2024-11-21 14:50 | 2021-02-12 |
| 195922 | 6.1 | MEDIUM | Network | rubyonrails, fedoraproject | rails, fedora | The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" forma… | CWE-601 Open Redirect | CVE-2021-22881 | 2024-11-21 14:50 | 2021-02-12 |
| 195923 | 7.5 | HIGH | Network | rubyonrails, fedoraproject | rails, fedora | The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validat… | CWE-400 Uncontrolled Resource Consumption | CVE-2021-22880 | 2024-11-21 14:50 | 2021-02-12 |
| 195924 | 7.5 | HIGH | Network | advantech | iview | Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files. | CWE-22 Path Traversal | CVE-2021-22656 | 2024-11-21 14:50 | 2021-02-12 |
| 195925 | 7.5 | HIGH | Network | advantech | iview | Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information. | CWE-89 SQL Injection | CVE-2021-22654 | 2024-11-21 14:50 | 2021-02-12 |
| 195926 | 9.8 | CRITICAL | Network | advantech | iview | Access to the configuration of Advantech iView versions prior to v5.7.03.6112 is missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution. | - | CVE-2021-22652 | 2024-11-21 14:50 | 2021-02-12 |
| 195927 | 7.8 | HIGH | Local | siemens, hornerautomation | cscape | Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerabi… | CWE-125 Out-of-bounds Read | CVE-2021-22663 | 2024-11-21 14:50 | 2021-02-10 |
| 195928 | 9.8 | CRITICAL | Network | microfocus | operation_bridge_reporter | Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR ser… | CWE-78 OS Command | CVE-2021-22502 | 2024-11-21 14:50 | 2021-02-9 |
| 195929 | 6.5 | MEDIUM | Network | microfocus | application_performance_management | Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by an attacker to trick t… | CWE-352 Origin Validation Error | CVE-2021-22500 | 2024-11-21 14:50 | 2021-02-6 |
| 195930 | 4.8 | MEDIUM | Network | microfocus | application_performance_management | Persistent Cross-Site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow persistent XSS attack. | CWE-79 Cross-site Scripting | CVE-2021-22499 | 2024-11-21 14:50 | 2021-02-6 |