| 195561 | 5.4 | MEDIUM | Network | hr_portal_project | hr_portal | The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, fu… | NVD-CWE-Other | CVE-2021-22853 | 2024-11-21 14:50 | 2021-02-17 |
| 195562 | 7.5 | HIGH | Network | google | gerrit | Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead … | CWE-772 Missing Release of Resource after Effective Lifetime | CVE-2021-22553 | 2024-11-21 14:50 | 2021-02-17 |
| 195563 | 8.8 | HIGH | Network | changjia_property_management_system_project | changjia_property_management_system | Attackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2021-22858 | 2024-11-21 14:50 | 2021-02-17 |
| 195564 | 7.5 | HIGH | Network | changjia_property_management_system_project | changjia_property_management_system | The CGE page with download function contains a Directory Traversal vulnerability. Attackers can use this loophole to download system files arbitrarily. | CWE-22 Path Traversal | CVE-2021-22857 | 2024-11-21 14:50 | 2021-02-17 |
| 195565 | 7.5 | HIGH | Network | changjia_property_management_system_project | changjia_property_management_system | The CGE property management system contains SQL Injection vulnerabilities. Remote attackers can inject SQL commands into the parameters in Cookie and obtain data in the database without privilege. | CWE-89 SQL Injection | CVE-2021-22856 | 2024-11-21 14:50 | 2021-02-17 |
| 195566 | 9.8 | CRITICAL | Network | microfocus | operations_bridge_manager | Arbitrary code execution vulnerability on Micro Focus Operations Bridge Manager product, affecting versions 10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. The vulnerability could… | NVD-CWE-noinfo | CVE-2021-22504 | 2024-11-21 14:50 | 2021-02-13 |
| 195567 | 9.8 | CRITICAL | Network | advantech | iview | Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'. | CWE-89 SQL Injection | CVE-2021-22658 | 2024-11-21 14:50 | 2021-02-12 |
| 195568 | 6.1 | MEDIUM | Network | rubyonrails fedoraproject | rails fedora | The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" forma… | CWE-601 Open Redirect | CVE-2021-22881 | 2024-11-21 14:50 | 2021-02-12 |
| 195569 | 7.5 | HIGH | Network | rubyonrails fedoraproject | rails fedora | The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validat… | CWE-400 Uncontrolled Resource Consumption | CVE-2021-22880 | 2024-11-21 14:50 | 2021-02-12 |
| 195570 | 7.5 | HIGH | Network | advantech | iview | Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files. | CWE-22 Path Traversal | CVE-2021-22656 | 2024-11-21 14:50 | 2021-02-12 |