| 195431 | 7.8 | HIGH, Local | google | chrome | Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file. | CWE-362 Race Condition; CWE-59 Link Following | CVE-2021-21117 | 2024-11-21 14:47 | 2021-02-9 |
| 195432 | 7.5 | HIGH, Network | marked_project | marked | Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. Thi… | CWE-400 Uncontrolled Resource Consumption | CVE-2021-21306 | 2024-11-21 14:47 | 2021-02-9 |
| 195433 | 4.3 | MEDIUM, Network | carrierwave_project | carrierwave | CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF … | - | CVE-2021-21288 | 2024-11-21 14:47 | 2021-02-9 |
| 195434 | 8.8 | HIGH, Network | carrierwave_project | carrierwave | CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulner… | CWE-94 Code Injection | CVE-2021-21305 | 2024-11-21 14:47 | 2021-02-9 |
| 195435 | 5.5 | MEDIUM, Local | netty, debian, quarkus, oracle, netapp | netty, debian_linux, quarkus, banking_trade_finance_process_management, banking_credit_facilities_process_management, banking_corporate_lending_process_management, nosql_database, commu… | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Fina… | - | CVE-2021-21290 | 2024-11-21 14:47 | 2021-02-9 |
| 195436 | 7.5 | HIGH, Network | httplib2_project | httplib2 | httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header… | - | CVE-2021-21240 | 2024-11-21 14:47 | 2021-02-9 |
| 195437 | 9.8 | CRITICAL, Network | dynamoosejs | dynamoose | Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method … | CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2021-21304 | 2024-11-21 14:47 | 2021-02-9 |
| 195438 | 6.8 | MEDIUM, Network | helm | helm | Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from versio… | - | CVE-2021-21303 | 2024-11-21 14:47 | 2021-02-6 |
| 195439 | 6.1 | MEDIUM, Network | adobe | adobe_consulting_services_commons | ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correc… | - | CVE-2021-21043 | 2024-11-21 14:47 | 2021-02-3 |
| 195440 | 7.5 | HIGH, Network | typelevel | http4s | Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-ser… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2021-21294 | 2024-11-21 14:47 | 2021-02-3 |