|
194671
|
7.8 |
HIGH
Local
|
jetbrains
|
intellij_idea
|
In JetBrains IntelliJ IDEA 2020.3.3, local code execution was possible because of insufficient checks when getting the project from VCS.
|
NVD-CWE-noinfo
|
CVE-2021-29263
|
2024-11-21 15:00 |
2021-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194672
|
5.3 |
MEDIUM
Network
|
invoiceplane
|
invoiceplane
|
In InvoicePlane 1.5.11, the upload feature discloses the full path of the file upload directory.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-29022
|
2024-11-21 15:00 |
2021-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194673
|
8.8 |
HIGH
Network
|
arm
|
bifrost_gpu_kernel_driver
valhall_gpu_kernel_driver
midgard_gpu_kernel_driver
|
The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifro…
|
CWE-787
Out-of-bounds Write
|
CVE-2021-28664
|
2024-11-21 15:00 |
2021-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194674
|
8.8 |
HIGH
Network
|
arm
|
bifrost_gpu_kernel_driver
valhall_gpu_kernel_driver
midgard_gpu_kernel_driver
|
The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0…
|
CWE-416
Use After Free
|
CVE-2021-28663
|
2024-11-21 15:00 |
2021-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194675
|
7.5 |
HIGH
Network
|
stormshield
|
network_security
stormshield_network_security
|
Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a deni…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2021-28665
|
2024-11-21 15:00 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194676
|
9.8 |
CRITICAL
Network
|
hp
|
edgeline_infrastructure_manager
|
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2021-29203
|
2024-11-21 15:00 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194677
|
7.5 |
HIGH
Network
|
esri
|
arcgis_geoevent_server
|
ArcGIS GeoEvent Server versions 10.8.1 and below has a read-only directory path traversal vulnerability that could allow an unauthenticated, remote attacker to perform directory traversal attacks and…
|
CWE-22
Path Traversal
|
CVE-2021-29101
|
2024-11-21 15:00 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194678
|
7.8 |
HIGH
Local
|
esri
|
arcgis_earth
|
A path traversal vulnerability exists in Esri ArcGIS Earth versions 1.11.0 and below which allows arbitrary file creation on an affected system through crafted input. An attacker could exploit this v…
|
CWE-22
Path Traversal
|
CVE-2021-29100
|
2024-11-21 15:00 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194679
|
5.4 |
MEDIUM
Network
|
btcpayserver
|
btcpay_server
|
BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. This enables cookie stealing.
|
CWE-79
Cross-site Scripting
|
CVE-2021-29250
|
2024-11-21 15:00 |
2021-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194680
|
5.3 |
MEDIUM
Network
|
btcpayserver
|
btcpay_server
|
BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the Secure flag for a cookie.
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2021-29248
|
2024-11-21 15:00 |
2021-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
