|
199371
|
7.2 |
HIGH
Network
|
weseek
|
growi
|
Invalid file validation on the upload feature in GROWI versions v4.2.2 allows a remote attacker with administrative privilege to overwrite the files on the server, which may lead to arbitrary code ex…
|
CWE-20
Improper Input Validation
|
CVE-2021-20671
|
2024-11-21 14:46 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199372
|
7.5 |
HIGH
Network
|
weseek
|
growi
|
Improper access control vulnerability in GROWI versions v4.2.2 and earlier allows a remote unauthenticated attacker to read the user's personal information and/or server's internal information via un…
|
NVD-CWE-Other
|
CVE-2021-20670
|
2024-11-21 14:46 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199373
|
4.7 |
MEDIUM
Network
|
weseek
|
growi
|
Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read and/or delete an arbitrary path via a specially crafted URL.
|
CWE-22
Path Traversal
|
CVE-2021-20669
|
2024-11-21 14:46 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199374
|
2.7 |
LOW
Network
|
weseek
|
growi
|
Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read an arbitrary path via a specially crafted URL.
|
CWE-22
Path Traversal
|
CVE-2021-20668
|
2024-11-21 14:46 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199375
|
5.4 |
MEDIUM
Network
|
weseek
|
growi
|
Stored cross-site scripting vulnerability due to inadequate CSP (Content Security Policy) configuration in GROWI versions v4.2.2 and earlier allows remote authenticated attackers to inject an arbitra…
|
CWE-79
Cross-site Scripting
|
CVE-2021-20667
|
2024-11-21 14:46 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199376
|
5.5 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. T…
|
CWE-674
Uncontrolled Recursion
|
CVE-2021-20255
|
2024-11-21 14:46 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199377
|
5.5 |
MEDIUM
Local
|
imagemagick
redhat
fedoraproject
debian
|
imagemagick
enterprise_linux
fedora
debian_linux
|
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero…
|
-
|
CVE-2021-20246
|
2024-11-21 14:46 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199378
|
5.5 |
MEDIUM
Local
|
imagemagick
redhat
fedoraproject
debian
|
imagemagick
enterprise_linux
fedora
debian_linux
|
A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The hi…
|
-
|
CVE-2021-20245
|
2024-11-21 14:46 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199379
|
5.5 |
MEDIUM
Local
|
imagemagick
redhat
fedoraproject
debian
|
imagemagick
enterprise_linux
fedora
debian_linux
|
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division b…
|
-
|
CVE-2021-20244
|
2024-11-21 14:46 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199380
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. This flaw all…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2021-20268
|
2024-11-21 14:46 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
