|
195001
|
9.8 |
CRITICAL
Network
|
bosch
|
rexroth_indramotion_mlc_l20_firmware rexroth_indramotion_mlc_l40_firmware rexroth_indramotion_mlc_l25_firmware rexroth_indramotion_mlc_l45_firmware rexroth_indramotion_mlc_l65_firmware
|
Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to…
|
CWE-287
Improper Authentication
|
CVE-2021-23857
|
2024-11-21 14:51 |
2021-10-5 |
|
195002
|
7.5 |
HIGH
Network
|
handsontable
|
handsontable
|
The package handsontable before 10.0.0 is vulnerable to Regular Expression Denial of Service (ReDoS) in the Handsontable.helper.isNumeric function.
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2021-23446
|
2024-11-21 14:51 |
2021-09-30 |
|
195003
|
6.1 |
MEDIUM
Network
|
datatables
|
datatables.net
|
This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.
|
CWE-79
Cross-site Scripting
|
CVE-2021-23445
|
2024-11-21 14:51 |
2021-09-28 |
|
195004
|
7.8 |
HIGH
Local
|
google
|
android
|
In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used.
|
NVD-CWE-noinfo
|
CVE-2021-23243
|
2024-11-21 14:51 |
2021-09-27 |
|
195005
|
6.1 |
MEDIUM
Network
|
f5
|
big-ip_access_policy_manager
|
On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in the resourc…
|
CWE-79
Cross-site Scripting
|
CVE-2021-23054
|
2024-11-21 14:51 |
2021-09-27 |
|
195006
|
5.4 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics, which can lead to UI inconvenience and exhaustion of disk space. Credit for discovery: "Solar Security Research Team"
|
CWE-352
Origin Validation Error
|
CVE-2021-22953
|
2024-11-21 14:51 |
2021-09-23 |
|
195007
|
8.8 |
HIGH
Network
|
ui
|
unifi_talk
|
A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said networ…
|
NVD-CWE-noinfo
|
CVE-2021-22952
|
2024-11-21 14:51 |
2021-09-23 |
|
195008
|
6.5 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
Concrete CMS prior to 8.5.6 had a CSRF vulnerability allowing attachments to comments in the conversation section to be deleted. Credit for discovery: "Solar Security Research Team"
|
CWE-352
Origin Validation Error
|
CVE-2021-22950
|
2024-11-21 14:51 |
2021-09-23 |
|
195009
|
5.4 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files, which can lead to UI inconvenience and exhaustion of disk space. Credit for discovery: "Solar Security CMS Researc…
|
CWE-352
Origin Validation Error
|
CVE-2021-22949
|
2024-11-21 14:51 |
2021-09-23 |
|
195010
|
7.1 |
HIGH
Network
|
revive-adserver
|
revive_adserver
|
Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be …
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2021-22948
|
2024-11-21 14:51 |
2021-09-23 |
|