| 195941 | 8.8 | HIGH Network | ibm | security_verify_information_queue | IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user t… | CWE-352 Origin Validation Error | CVE-2021-20403 | 2024-11-21 14:46 | 2021-02-12 |
| 195942 | 2.7 | LOW Network | ibm | security_verify_information_queue | IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This informatio… | CWE-209 Information Exposure Through an Error Message | CVE-2021-20402 | 2024-11-21 14:46 | 2021-02-12 |
| 195943 | 4.6 | MEDIUM Adjacent | mongodb | ops_manager | For MongoDB Ops Manager versions prior to and including 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager versions p… | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2021-20335 | 2024-11-21 14:46 | 2021-02-11 |
| 195944 | 8.2 | HIGH Network | ibm | websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to … | CWE-611 XXE | CVE-2021-20353 | 2024-11-21 14:46 | 2021-02-11 |
| 195945 | 5.4 | MEDIUM Network | wekan_project | wekan | Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. This is named 'Fieldbleed' in the vendor's site. | CWE-79 Cross-site Scripting | CVE-2021-20654 | 2024-11-21 14:46 | 2021-02-10 |
| 195946 | 6.5 | MEDIUM Network | ibm | cloud_pak_for_automation | IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized … | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2021-20359 | 2024-11-21 14:46 | 2021-02-9 |
| 195947 | 6.5 | MEDIUM Network | ibm | cloud_pak_for_automation | IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permissions to … | CWE-312 Cleartext Storage of Sensitive Information | CVE-2021-20358 | 2024-11-21 14:46 | 2021-02-9 |
| 195948 | 5.5 | MEDIUM Local | imagemagick debian | imagemagick debian_linux | A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior… | - | CVE-2021-20176 | 2024-11-21 14:46 | 2021-02-6 |
| 195949 | 8.8 | HIGH Network | name_directory_project | name_directory | Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | CWE-352 Origin Validation Error | CVE-2021-20652 | 2024-11-21 14:46 | 2021-02-5 |
| 195950 | 9.8 | CRITICAL Network | panasonic | video_insight_vms | Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request. | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2021-20623 | 2024-11-21 14:46 | 2021-02-5 |