|
199071
|
9.8 |
CRITICAL
Network
|
wincred_project
|
wincred
|
This affects all versions of package wincred. If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands. This is due to us…
|
CWE-78
OS Command
|
CVE-2021-23399
|
2024-11-21 14:51 |
2021-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199072
|
6.1 |
MEDIUM
Network
|
react-bootstrap-table_project
|
react-bootstrap-table
|
All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to…
|
CWE-79
Cross-site Scripting
|
CVE-2021-23398
|
2024-11-21 14:51 |
2021-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199073
|
5.9 |
MEDIUM
Network
|
bosch
|
b426_firmware
|
When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting from Fir…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2021-23846
|
2024-11-21 14:51 |
2021-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199074
|
8.8 |
HIGH
Network
|
bosch
|
b426_firmware
b426-cn_firmware
b429-cn_firmware
b426-m_firmware
|
This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found durin…
|
NVD-CWE-noinfo
|
CVE-2021-23845
|
2024-11-21 14:51 |
2021-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199075
|
9.8 |
CRITICAL
Network
|
lutils_project
|
lutils
|
All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-23396
|
2024-11-21 14:51 |
2021-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199076
|
5.3 |
MEDIUM
Network
|
nedb_project
|
nedb
|
This affects all versions of package nedb. The library could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor.prototype payload.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-23395
|
2024-11-21 14:51 |
2021-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199077
|
9.8 |
CRITICAL
Network
|
std42
|
elfinder
|
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-23394
|
2024-11-21 14:51 |
2021-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199078
|
4.3 |
MEDIUM
Network
|
gallagher
|
command_centre
|
A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects…
|
CWE-89
SQL Injection
|
CVE-2021-23230
|
2024-11-21 14:51 |
2021-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199079
|
4.4 |
MEDIUM
Local
|
gallagher
|
command_centre
|
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affe…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2021-23211
|
2024-11-21 14:51 |
2021-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199080
|
8.1 |
HIGH
Network
|
gallagher
|
command_centre
|
Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue…
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2021-23205
|
2024-11-21 14:51 |
2021-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
