|
195911
|
9.8 |
CRITICAL
Network
|
f5
|
big-ip_access_policy_manager
|
On version 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and all versions of 16.0.x and 11.6.x., BIG-IP APM AD (Active Directory) authentication can be bypas…
|
CWE-287
Improper Authentication
|
CVE-2021-23008
|
2024-11-21 14:51 |
2021-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195912
|
9.8 |
CRITICAL
Network
|
handlebarsjs
netapp
|
handlebars
e-series_performance_analyzer
|
The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-23383
|
2024-11-21 14:51 |
2021-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195913
|
7.5 |
HIGH
Network
|
path-parse_project
|
path-parse
|
All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-…
|
NVD-CWE-noinfo
|
CVE-2021-23343
|
2024-11-21 14:51 |
2021-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195914
|
5.3 |
MEDIUM
Network
|
browserslist_project
|
browserslist
|
The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2021-23364
|
2024-11-21 14:51 |
2021-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195915
|
7.5 |
HIGH
Network
|
postcss
|
postcss
|
The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused …
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2021-23382
|
2024-11-21 14:51 |
2021-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195916
|
9.1 |
CRITICAL
Network
|
tyk
|
tyk-identity-broker
|
The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the X…
|
CWE-287
Improper Authentication
|
CVE-2021-23365
|
2024-11-21 14:51 |
2021-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195917
|
9.8 |
CRITICAL
Network
|
killing_project
|
killing
|
This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec fu…
|
CWE-78
OS Command
|
CVE-2021-23381
|
2024-11-21 14:51 |
2021-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195918
|
7.3 |
HIGH
Network
|
roar-pidusage_project
|
roar-pidusage
|
This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to exe…
|
CWE-78
OS Command
|
CVE-2021-23380
|
2024-11-21 14:51 |
2021-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195919
|
9.8 |
CRITICAL
Network
|
portkiller_project
|
portkiller
|
This affects all versions of package portkiller. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process ex…
|
CWE-78
OS Command
|
CVE-2021-23379
|
2024-11-21 14:51 |
2021-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195920
|
9.8 |
CRITICAL
Network
|
picotts_project
|
picotts
|
This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the c…
|
CWE-78
OS Command
|
CVE-2021-23378
|
2024-11-21 14:51 |
2021-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
