|
199971
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled
|
CWE-863
Incorrect Authorization
|
CVE-2021-22240
|
2024-11-21 14:49 |
2021-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199972
|
7.8 |
HIGH
Local
|
codesys
|
development_system
|
A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-21863
|
2024-11-21 14:49 |
2021-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199973
|
7.5 |
HIGH
Network
|
fortinet
|
fortisandbox
fortiauthenticator
|
An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6; and FortiAuthenticator b…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2021-22124
|
2024-11-21 14:49 |
2021-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199974
|
7.8 |
HIGH
Local
|
codesys
|
development_system
|
A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafte…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-21866
|
2024-11-21 14:49 |
2021-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199975
|
7.8 |
HIGH
Local
|
codesys
|
development_system
|
A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can le…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-21865
|
2024-11-21 14:49 |
2021-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199976
|
7.8 |
HIGH
Local
|
codesys
|
development_system
|
A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially cra…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-21864
|
2024-11-21 14:49 |
2021-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199977
|
6.5 |
MEDIUM
Network
|
elastic
oracle
|
elasticsearch
communications_cloud_native_core_automated_test_suite
|
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with t…
|
CWE-674
Uncontrolled Recursion
|
CVE-2021-22144
|
2024-11-21 14:49 |
2021-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199978
|
7.5 |
HIGH
Network
|
cloudfoundry
|
user_account_and_authentication
cf-deployment
|
In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when deletion request of an identity provider( IdP) of type “oauth 1.0” was sent t…
|
NVD-CWE-noinfo
|
CVE-2021-22001
|
2024-11-21 14:49 |
2021-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199979
|
7.5 |
HIGH
Network
|
elastic
|
elasticsearch
|
All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters. While in the default setting the anonymous user has no permissions and is unab…
|
NVD-CWE-Other
|
CVE-2021-22146
|
2024-11-21 14:49 |
2021-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199980
|
6.5 |
MEDIUM
Network
|
elastic
oracle
|
elasticsearch
communications_cloud_native_core_automated_test_suite
|
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2021-22145
|
2024-11-21 14:49 |
2021-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
