|
194691
|
5.9 |
MEDIUM
Network
|
timelybills
|
timelybills
|
Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows an attacker who can locally read a user's files to obtain JWT tokens for the user's account due …
|
CWE-459
Incomplete Cleanup
|
CVE-2021-26833
|
2024-11-21 14:56 |
2021-04-7 |
|
194692
|
5.5 |
MEDIUM
Local
|
kaspersky
|
internet_security
|
KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection.
|
CWE-863
Incorrect Authorization
|
CVE-2021-26718
|
2024-11-21 14:56 |
2021-04-2 |
|
194693
|
6.5 |
MEDIUM
Network
|
hpe
|
superdome_flex_server_firmware
|
A potential security vulnerability has been identified in HPE Superdome Flex server. A denial of service attack can be remotely exploited leaving hung connections to the BMC web interface. The monarc…
|
NVD-CWE-noinfo
|
CVE-2021-26581
|
2024-11-21 14:56 |
2021-04-2 |
|
194694
|
6.1 |
MEDIUM
Network
|
hpe
|
integrated_lights-out_amplifier
|
A potential security vulnerability has been identified in HPE iLO Amplifier Pack. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). HPE has provided the following sof…
|
CWE-79
Cross-site Scripting
|
CVE-2021-26580
|
2024-11-21 14:56 |
2021-04-2 |
|
194695
|
5.5 |
MEDIUM
Local
|
hpe
|
unified_data_management
|
A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product). HPE has provided …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2021-26579
|
2024-11-21 14:56 |
2021-03-31 |
|
194696
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-816_firmware
|
D-Link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dir_setWanWif…
|
CWE-78
OS Command
|
CVE-2021-26810
|
2024-11-21 14:56 |
2021-03-30 |
|
194697
|
9.8 |
CRITICAL
Network
|
mitel
|
micontact_center_enterprise
|
The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploi…
|
NVD-CWE-Other
|
CVE-2021-26714
|
2024-11-21 14:56 |
2021-03-30 |
|
194698
|
6.5 |
MEDIUM
Network
|
nokia
|
netact
|
An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dange…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-26597
|
2024-11-21 14:56 |
2021-03-26 |
|
194699
|
5.4 |
MEDIUM
Network
|
nokia
|
netact
|
An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The mo…
|
CWE-79
Cross-site Scripting
|
CVE-2021-26596
|
2024-11-21 14:56 |
2021-03-26 |
|
194700
|
9.1 |
CRITICAL
Network
|
mitreid
|
connect
|
The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. The vulnerability arises due to unsafe usage of the logo_uri pa…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2021-26715
|
2024-11-21 14:56 |
2021-03-25 |