|
195851
|
5.5 |
MEDIUM
Local
|
linux
oracle
|
linux_kernel
tekelec_platform_distribution
|
A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the sys…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2021-20265
|
2024-11-21 14:46 |
2021-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195852
|
4.8 |
MEDIUM
Network
|
weseek
|
growi
|
Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vecto…
|
CWE-79
Cross-site Scripting
|
CVE-2021-20673
|
2024-11-21 14:46 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195853
|
6.1 |
MEDIUM
Network
|
weseek
|
growi
|
Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote attackers to inject an arbitr…
|
CWE-79
Cross-site Scripting
|
CVE-2021-20672
|
2024-11-21 14:46 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195854
|
7.2 |
HIGH
Network
|
weseek
|
growi
|
Invalid file validation on the upload feature in GROWI versions v4.2.2 allows a remote attacker with administrative privilege to overwrite the files on the server, which may lead to arbitrary code ex…
|
CWE-20
Improper Input Validation
|
CVE-2021-20671
|
2024-11-21 14:46 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195855
|
7.5 |
HIGH
Network
|
weseek
|
growi
|
Improper access control vulnerability in GROWI versions v4.2.2 and earlier allows a remote unauthenticated attacker to read the user's personal information and/or server's internal information via un…
|
NVD-CWE-Other
|
CVE-2021-20670
|
2024-11-21 14:46 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195856
|
4.7 |
MEDIUM
Network
|
weseek
|
growi
|
Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read and/or delete an arbitrary path via a specially crafted URL.
|
CWE-22
Path Traversal
|
CVE-2021-20669
|
2024-11-21 14:46 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195857
|
2.7 |
LOW
Network
|
weseek
|
growi
|
Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read an arbitrary path via a specially crafted URL.
|
CWE-22
Path Traversal
|
CVE-2021-20668
|
2024-11-21 14:46 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195858
|
5.4 |
MEDIUM
Network
|
weseek
|
growi
|
Stored cross-site scripting vulnerability due to inadequate CSP (Content Security Policy) configuration in GROWI versions v4.2.2 and earlier allows remote authenticated attackers to inject an arbitra…
|
CWE-79
Cross-site Scripting
|
CVE-2021-20667
|
2024-11-21 14:46 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195859
|
5.5 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. T…
|
CWE-674
Uncontrolled Recursion
|
CVE-2021-20255
|
2024-11-21 14:46 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195860
|
5.5 |
MEDIUM
Local
|
imagemagick
redhat
fedoraproject
debian
|
imagemagick
enterprise_linux
fedora
debian_linux
|
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero…
|
-
|
CVE-2021-20246
|
2024-11-21 14:46 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
