|
195351
|
8.2 |
HIGH
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to …
|
CWE-611
XXE
|
CVE-2021-20353
|
2024-11-21 14:46 |
2021-02-11 |
|
195352
|
5.4 |
MEDIUM
Network
|
wekan_project
|
wekan
|
Wekan, an open source kanban board system, between versions 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting issues. This is named 'Fieldbleed' on the vendor's site.
|
CWE-79
Cross-site Scripting
|
CVE-2021-20654
|
2024-11-21 14:46 |
2021-02-10 |
|
195353
|
6.5 |
MEDIUM
Network
|
ibm
|
cloud_pak_for_automation
|
IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized …
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2021-20359
|
2024-11-21 14:46 |
2021-02-09 |
|
195354
|
6.5 |
MEDIUM
Network
|
ibm
|
cloud_pak_for_automation
|
IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permissions to …
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2021-20358
|
2024-11-21 14:46 |
2021-02-09 |
|
195355
|
5.5 |
MEDIUM
Local
|
imagemagick debian
|
imagemagick debian_linux
|
A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior…
|
-
|
CVE-2021-20176
|
2024-11-21 14:46 |
2021-02-06 |
|
195356
|
8.8 |
HIGH
Network
|
name_directory_project
|
name_directory
|
Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
CWE-352
Origin Validation Error
|
CVE-2021-20652
|
2024-11-21 14:46 |
2021-02-05 |
|
195357
|
9.8 |
CRITICAL
Network
|
panasonic
|
video_insight_vms
|
Video Insight VMS versions prior to 7.8 allow a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2021-20623
|
2024-11-21 14:46 |
2021-02-05 |
|
195358
|
5.9 |
MEDIUM
Network
|
podman_project
|
podman
|
Rootless containers run with Podman receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.0.1) c…
|
-
|
CVE-2021-20199
|
2024-11-21 14:46 |
2021-02-03 |
|
195359
|
7.5 |
HIGH
Network
|
mitsubishielectric
|
rv2fr_firmware rv2frl_firmware rv4fr_firmware rv4frl_firmware rv7fr_firmware rv7frl_firmware rv7frll_firmware rv13fr_firmware rv13frl_firmware rv20fr_firmware rh1frhr_fi…
|
Resource management errors vulnerability in a robot controller of MELFA FR Series (controller "CR800-*V*D" of RV-*FR***-D-* all versions, controller "CR800-*HD" of RH-*FRH***-D-* all versions, control…
|
NVD-CWE-noinfo
|
CVE-2021-20586
|
2024-11-21 14:46 |
2021-01-30 |
|
195360
|
5.3 |
MEDIUM
Network
|
moodle
|
moodle
|
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages, which could result in client-side (browser) denial of serv…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2021-20185
|
2024-11-21 14:46 |
2021-01-29 |