|
195041
|
9.8 |
CRITICAL
Network
|
config-handler_project
|
config-handler
|
All versions of package config-handler are vulnerable to Prototype Pollution when loading config files.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-23448
|
2024-11-21 14:51 |
2021-10-12 |
|
195042
|
6.1 |
MEDIUM
Network
|
teddy_project
|
teddy
|
This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string).
|
CWE-843
Type Confusion
|
CVE-2021-23447
|
2024-11-21 14:51 |
2021-10-8 |
|
195043
|
9.8 |
CRITICAL
Network
|
concretecms
|
concrete_cms
|
A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction wit…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2021-22958
|
2024-11-21 14:51 |
2021-10-7 |
|
195044
|
6.1 |
MEDIUM
Network
|
bosch
|
rexroth_indramotion_mlc_l20_firmware rexroth_indramotion_mlc_l40_firmware
|
The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL.
|
CWE-79
Cross-site Scripting
|
CVE-2021-23856
|
2024-11-21 14:51 |
2021-10-5 |
|
195045
|
7.5 |
HIGH
Network
|
bosch
|
rexroth_indramotion_xlc_firmware rexroth_indramotion_mlc_firmware
|
The user and password database is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2021-23855
|
2024-11-21 14:51 |
2021-10-5 |
|
195046
|
7.5 |
HIGH
Network
|
bosch
|
rexroth_indramotion_mlc_l20_firmware rexroth_indramotion_mlc_l40_firmware rexroth_indramotion_mlc_l25_firmware rexroth_indramotion_mlc_l45_firmware rexroth_indramotion_mlc_l65_firmware
|
Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2021-23858
|
2024-11-21 14:51 |
2021-10-5 |
|
195047
|
9.8 |
CRITICAL
Network
|
bosch
|
rexroth_indramotion_mlc_l20_firmware rexroth_indramotion_mlc_l40_firmware rexroth_indramotion_mlc_l25_firmware rexroth_indramotion_mlc_l45_firmware rexroth_indramotion_mlc_l65_firmware
|
Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to…
|
CWE-287
Improper Authentication
|
CVE-2021-23857
|
2024-11-21 14:51 |
2021-10-5 |
|
195048
|
7.5 |
HIGH
Network
|
handsontable
|
handsontable
|
The package handsontable before 10.0.0; the package handsontable from 0 and before 10.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) in Handsontable.helper.isNumeric function.
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2021-23446
|
2024-11-21 14:51 |
2021-09-30 |
|
195049
|
6.1 |
MEDIUM
Network
|
datatables
|
datatables.net
|
This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.
|
CWE-79
Cross-site Scripting
|
CVE-2021-23445
|
2024-11-21 14:51 |
2021-09-28 |
|
195050
|
7.8 |
HIGH
Local
|
google
|
android
|
In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used.
|
NVD-CWE-noinfo
|
CVE-2021-23243
|
2024-11-21 14:51 |
2021-09-27 |
|