|
195491
|
7.8 |
HIGH
Local
|
criticalmanufacturing
|
cncsoft-b
|
CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.
|
CWE-787
Out-of-bounds Write
|
CVE-2021-22664
|
2024-11-21 14:50 |
2021-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195492
|
7.8 |
HIGH
Local
|
criticalmanufacturing
|
cncsoft-b
|
CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.
|
-
|
CVE-2021-22660
|
2024-11-21 14:50 |
2021-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195493
|
8.8 |
HIGH
Network
|
advantech
|
webaccess\/scada
|
Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an adm…
|
-
|
CVE-2021-22669
|
2024-11-21 14:50 |
2021-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195494
|
7.8 |
HIGH
Local
|
hornerautomation
|
cscape
|
Cscape (All versions prior to 9.90 SP4) is configured by default to be installed for all users, which allows full permissions, including read/write access. This may allow unprivileged users to modify…
|
NVD-CWE-Other
|
CVE-2021-22682
|
2024-11-21 14:50 |
2021-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195495
|
7.8 |
HIGH
Local
|
hornerautomation
|
cscape
|
Cscape (All versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing project files. This could lead to memory corruption. An attacker could leverage this vulnerability t…
|
CWE-787
Out-of-bounds Write
|
CVE-2021-22678
|
2024-11-21 14:50 |
2021-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195496
|
10.0 |
CRITICAL
Network
|
ivanti
|
connect_secure
|
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect …
|
CWE-416
Use After Free
|
CVE-2021-22893
|
2024-11-21 14:50 |
2021-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195497
|
6.1 |
MEDIUM
Network
|
dart
|
dart_software_development_kit
|
Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not san…
|
CWE-79
Cross-site Scripting
|
CVE-2021-22540
|
2024-11-21 14:50 |
2021-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195498
|
7.8 |
HIGH
Local
|
google
|
bazel
|
An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2021-22539
|
2024-11-21 14:50 |
2021-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195499
|
8.8 |
HIGH
Network
|
nextcloud
fedoraproject
|
desktop
fedora
|
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed fo…
|
CWE-74
Injection
|
CVE-2021-22879
|
2024-11-21 14:50 |
2021-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195500
|
7.2 |
HIGH
Network
|
schneider-electric
|
c-bus_toolkit
|
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when restor…
|
-
|
CVE-2021-22720
|
2024-11-21 14:50 |
2021-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
