|
195111
|
7.5 |
HIGH
Network
|
locutus
|
locutus
|
The package locutus before 2.0.15 is vulnerable to Regular Expression Denial of Service (ReDoS) via the gopher_parsedir function.
|
NVD-CWE-noinfo
|
CVE-2021-23392
|
2024-11-21 14:51 |
2021-06-8 |
|
195112
|
7.1 |
HIGH
Local
|
calipso_project
|
calipso
|
This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality.
|
CWE-22
Path Traversal
|
CVE-2021-23391
|
2024-11-21 14:51 |
2021-06-8 |
|
195113
|
5.3 |
MEDIUM
Network
|
forms_project
|
forms
|
The package forms before 1.2.1, and from 1.3.0 and before 1.3.2, is vulnerable to Regular Expression Denial of Service (ReDoS) via email validation.
|
NVD-CWE-noinfo
|
CVE-2021-23388
|
2024-11-21 14:51 |
2021-06-1 |
|
195114
|
5.5 |
MEDIUM
Local
|
f5
|
nginx_controller
|
The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2021-23021
|
2024-11-21 14:51 |
2021-06-1 |
|
195115
|
5.5 |
MEDIUM
Local
|
f5
|
nginx_controller
|
The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys.
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2021-23020
|
2024-11-21 14:51 |
2021-06-1 |
|
195116
|
7.8 |
HIGH
Local
|
f5
|
nginx_controller
|
The NGINX Controller 2.0.0 through 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2021-23019
|
2024-11-21 14:51 |
2021-06-1 |
|
195117
|
7.7 |
HIGH
Network
|
f5 openresty fedoraproject netapp oracle
|
nginx openresty fedora ontap_select_deploy_administration_utility communications_operations_monitor enterprise_session_border_controller communications_session_border_controller …
|
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process cra…
|
-
|
CVE-2021-23017
|
2024-11-21 14:51 |
2021-06-1 |
|
195118
|
7.4 |
HIGH
Network
|
f5
|
nginx_controller
|
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2021-23018
|
2024-11-21 14:51 |
2021-06-1 |
|
195119
|
6.1 |
MEDIUM
Network
|
trailing-slash_project
|
trailing-slash
|
The package trailing-slash before 2.0.1 is vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.com//attacker…
|
CWE-601
Open Redirect
|
CVE-2021-23387
|
2024-11-21 14:51 |
2021-05-25 |
|
195120
|
6.5 |
MEDIUM
Network
|
dns-packet_project
|
dns-packet
|
This affects the package dns-packet before 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over un…
|
CWE-909
Missing Initialization of Resource
|
CVE-2021-23386
|
2024-11-21 14:51 |
2021-05-21 |