|
194661
|
7.5 |
HIGH
Network
|
cesnet
|
libyang
|
In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead …
|
CWE-252
Unchecked Return Value
|
CVE-2021-28904
|
2024-11-21 15:00 |
2021-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194662
|
7.5 |
HIGH
Network
|
cesnet
|
libyang
|
A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and le…
|
CWE-674
Uncontrolled Recursion
|
CVE-2021-28903
|
2024-11-21 15:00 |
2021-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194663
|
7.5 |
HIGH
Network
|
cesnet
|
libyang
|
In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->f…
|
CWE-252
Unchecked Return Value
|
CVE-2021-28902
|
2024-11-21 15:00 |
2021-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194664
|
7.5 |
HIGH
Network
|
envoyproxy
|
envoy
|
An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion.
|
CWE-617
Reachable Assertion
|
CVE-2021-29258
|
2024-11-21 15:00 |
2021-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194665
|
7.5 |
HIGH
Network
|
envoyproxy
|
envoy
|
An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.
|
CWE-476
NULL Pointer Dereference
|
CVE-2021-28683
|
2024-11-21 15:00 |
2021-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194666
|
7.5 |
HIGH
Network
|
envoyproxy
|
envoy
|
An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable integer overflow in which a very large grpc-timeout value leads to unexpected timeout calculations.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2021-28682
|
2024-11-21 15:00 |
2021-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194667
|
7.5 |
HIGH
Network
|
invoiceplane
|
invoiceplane
|
In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticated directory listing and file download. Allowing an attacker to directory traversal and download files suppose to be private with…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2021-29024
|
2024-11-21 15:00 |
2021-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194668
|
5.3 |
MEDIUM
Network
|
invoiceplane
|
invoiceplane
|
InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset and the reset token is generated using a weak mechanism that is predictable.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2021-29023
|
2024-11-21 15:00 |
2021-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194669
|
4.3 |
MEDIUM
Network
|
liferay
|
dxp
liferay_portal
|
The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDe…
|
CWE-276
Incorrect Default Permissions
|
CVE-2021-29052
|
2024-11-21 15:00 |
2021-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194670
|
6.1 |
MEDIUM
Network
|
liferay
|
dxp
liferay_portal
|
Cross-site scripting (XSS) vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 through 7.3.5, and Liferay DXP 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before…
|
CWE-79
Cross-site Scripting
|
CVE-2021-29051
|
2024-11-21 15:00 |
2021-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
