|
194751
|
9.8 |
CRITICAL
Network
|
johnsoncontrols
|
exacqvision_web_service
|
Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.
|
CWE-269
Improper Privilege Management
|
CVE-2021-27664
|
2024-11-21 14:58 |
2021-10-12 |
|
194752
|
8.1 |
HIGH
Network
|
johnsoncontrols
|
kantech_kt-1_door_controller_firmware
|
The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. This issue affects Johnson Controls KT-1 all versions up to and inc…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2021-27662
|
2024-11-21 14:58 |
2021-09-15 |
|
194753
|
6.1 |
MEDIUM
Network
|
apache
|
zeppelin
|
A cross-site scripting vulnerability in the markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. This issue affects Apache Zeppelin versions prior to 0.9.…
|
CWE-79
Cross-site Scripting
|
CVE-2021-27578
|
2024-11-21 14:58 |
2021-09-3 |
|
194754
|
5.3 |
MEDIUM
Network
|
hashicorp
|
vault
|
HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2021-27668
|
2024-11-21 14:58 |
2021-09-1 |
|
194755
|
6.1 |
MEDIUM
Network
|
easycorp
|
zentao
|
A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator.
|
CWE-79
Cross-site Scripting
|
CVE-2021-27558
|
2024-11-21 14:58 |
2021-08-31 |
|
194756
|
4.3 |
MEDIUM
Network
|
easycorp
|
zentao
|
A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job.
|
CWE-352
Origin Validation Error
|
CVE-2021-27557
|
2024-11-21 14:58 |
2021-08-31 |
|
194757
|
7.2 |
HIGH
Network
|
easycorp
|
zentao
|
The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System.
|
CWE-78
OS Command
|
CVE-2021-27556
|
2024-11-21 14:58 |
2021-08-31 |
|
194758
|
9.8 |
CRITICAL
Network
|
johnsoncontrols
|
ac2000_firmware
|
A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access the system without adequate authorization. This issue affects: Johnson Contr…
|
NVD-CWE-Other
|
CVE-2021-27663
|
2024-11-21 14:58 |
2021-08-31 |
|
194759
|
3.5 |
LOW
Network
|
acquia
|
mautic
|
The function mt_rand is used to generate session tokens. This function is cryptographically flawed due to its pseudorandom nature; an attacker can take advantage of the cryptographicall…
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2021-27913
|
2024-11-21 14:58 |
2021-08-31 |
|
194760
|
5.4 |
MEDIUM
Network
|
acquia
|
mautic
|
Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can o…
|
CWE-79
Cross-site Scripting
|
CVE-2021-27912
|
2024-11-21 14:58 |
2021-08-31 |
|