| 195161 | 5.5 | MEDIUM | Local | f5 | nginx_controller | The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys. | CWE-330 Use of Insufficiently Random Values | CVE-2021-23020 | 2024-11-21 14:51 | 2021-06-1 |
| 195162 | 7.8 | HIGH | Local | f5 | nginx_controller | The NGINX Controller 2.0.0 through 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package. | CWE-522 Insufficiently Protected Credentials | CVE-2021-23019 | 2024-11-21 14:51 | 2021-06-1 |
| 195163 | 7.7 | HIGH | Network | f5 openresty fedoraproject netapp oracle | nginx openresty fedora ontap_select_deploy_administration_utility communications_operations_monitor enterprise_session_border_controller communications_session_border_controller … | A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process cra… | - | CVE-2021-23017 | 2024-11-21 14:51 | 2021-06-1 |
| 195164 | 7.4 | HIGH | Network | f5 | nginx_controller | Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster. | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2021-23018 | 2024-11-21 14:51 | 2021-06-1 |
| 195165 | 6.1 | MEDIUM | Network | trailing-slash_project | trailing-slash | The package trailing-slash before 2.0.1 is vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.com//attacker… | CWE-601 Open Redirect | CVE-2021-23387 | 2024-11-21 14:51 | 2021-05-25 |
| 195166 | 6.5 | MEDIUM | Network | dns-packet_project | dns-packet | This affects the package dns-packet before 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over un… | CWE-909 Missing Initialization of Resource | CVE-2021-23386 | 2024-11-21 14:51 | 2021-05-21 |
| 195167 | 5.4 | MEDIUM | Network | koa-remove-trailing-slashes_project | koa-remove-trailing-slashes | The package koa-remove-trailing-slashes before 2.0.2 is vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.… | CWE-601 Open Redirect | CVE-2021-23384 | 2024-11-21 14:51 | 2021-05-18 |
| 195168 | 5.5 | MEDIUM | Local | argoproj | argo_cd | Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo C… | CWE-209 Information Exposure Through an Error Message | CVE-2021-23135 | 2024-11-21 14:51 | 2021-05-13 |
| 195169 | 7.8 | HIGH | Local | linux fedoraproject debian | linux_kernel fedora debian_linux | Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privi… | CWE-416 Use After Free | CVE-2021-23134 | 2024-11-21 14:51 | 2021-05-13 |
| 195170 | 7.8 | HIGH | Local | mcafee | total_protection | Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by manipulating a symbolic link in the … | CWE-59 Link Following | CVE-2021-23872 | 2024-11-21 14:51 | 2021-05-12 |