| 194341 | 7.5 | HIGH Network | scrapbox-parser_project | scrapbox-parser | A ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser package before 6.0.3 for Node.js. | CWE-400 Uncontrolled Resource Consumption | CVE-2021-27405 | 2024-11-21 14:57 | 2021-02-19 |
| 194342 | 6.1 | MEDIUM Network | asus | askey_rtf8115vw_firmware | Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header. | CWE-601 Open Redirect | CVE-2021-27404 | 2024-11-21 14:57 | 2021-02-19 |
| 194343 | 6.1 | MEDIUM Network | asus | askey_rtf8115vw_firmware | Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS. | CWE-79 Cross-site Scripting | CVE-2021-27403 | 2024-11-21 14:57 | 2021-02-19 |
| 194344 | 5.9 | MEDIUM Network | digium | certified_asterisk asterisk | An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 1… | CWE-404 Improper Resource Shutdown or Release | CVE-2021-26906 | 2024-11-21 14:57 | 2021-02-19 |
| 194345 | 9.8 | CRITICAL Network | kollectapp | kollect | KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code Execution via a ysoserial.payloads.CommonsCollections parameter. | CWE-502 Deserialization of Untrusted Data | CVE-2021-27335 | 2024-11-21 14:57 | 2021-02-19 |
| 194346 | 10.0 | CRITICAL Network | frendi | frendica | Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names. | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2021-27329 | 2024-11-21 14:57 | 2021-02-19 |
| 194347 | 7.8 | HIGH Local | xen debian | xen debian_linux | An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privil… | NVD-CWE-Other | CVE-2021-27379 | 2024-11-21 14:57 | 2021-02-19 |
| 194348 | 9.8 | CRITICAL Network | rand_core_project | rand_core | An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too … | CWE-131 Incorrect Calculation of Buffer Size | CVE-2021-27378 | 2024-11-21 14:57 | 2021-02-18 |
| 194349 | 9.8 | CRITICAL Network | yottadb | yottadb | An issue was discovered in the yottadb crate before 1.2.0 for Rust. For some memory-allocation patterns, ydb_subscript_next_st and ydb_subscript_prev_st have a use-after-free. | CWE-416 Use After Free | CVE-2021-27377 | 2024-11-21 14:57 | 2021-02-18 |
| 194350 | 9.8 | CRITICAL Network | nb-connect_project | nb-connect | An issue was discovered in the nb-connect crate before 1.0.3 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::S… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2021-27376 | 2024-11-21 14:57 | 2021-02-18 |