| 195211 | 7.2 | HIGH Network | concretecms | concrete_cms | A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below. The external file upload featur… | CWE-330 Use of Insufficiently Random Values; CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2021-22968 | 2024-11-21 14:51 | 2021-11-20 |
| 195212 | 8.8 | HIGH Network | concretecms | concrete_cms | Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted "view" permissions on the bulkupdate page, then users in that group can escalate… | CWE-863 Incorrect Authorization | CVE-2021-22966 | 2024-11-21 14:51 | 2021-11-20 |
| 195213 | 7.5 | HIGH Network | concretecms | concrete_cms | Unauthorized individuals could view password protected files using view_inline in Concrete CMS (previously concrete 5) prior to version 8.5.7. Concrete CMS now checks to see if a file has a password … | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2021-22951 | 2024-11-21 14:51 | 2021-11-20 |
| 195214 | 7.8 | HIGH Local | gallagher | command_centre | Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gall… | CWE-428 Unquoted Search Path or Element | CVE-2021-23197 | 2024-11-21 14:51 | 2021-11-19 |
| 195215 | 6.5 | MEDIUM Network | gallagher | command_centre | Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre S… | CWE-269 Improper Privilege Management | CVE-2021-23193 | 2024-11-21 14:51 | 2021-11-19 |
| 195216 | 6.8 | MEDIUM Network | gallagher | command_centre | Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Ce… | CWE-295 Improper Certificate Validation | CVE-2021-23167 | 2024-11-21 14:51 | 2021-11-19 |
| 195217 | 8.1 | HIGH Network | gallagher | command_centre_mobile_connect | Improper validation of the cloud certificate chain in Mobile Connect allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre … | CWE-295 Improper Certificate Validation | CVE-2021-23162 | 2024-11-21 14:51 | 2021-11-19 |
| 195218 | 6.8 | MEDIUM Network | gallagher | command_centre_mobile_client | Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre M… | CWE-295 Improper Certificate Validation | CVE-2021-23155 | 2024-11-21 14:51 | 2021-11-19 |
| 195219 | 7.5 | HIGH Network | gallagher | command_centre | An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior… | CWE-697 Incorrect Comparison | CVE-2021-23146 | 2024-11-21 14:51 | 2021-11-19 |
| 195220 | 6.5 | MEDIUM Network | llhttp, oracle, debian | llhttp, graalvm, debian_linux | The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6. | CWE-444 HTTP Request Smuggling | CVE-2021-22959 | 2024-11-21 14:51 | 2021-11-16 |