|
200451
|
4.3 |
MEDIUM
Network
|
ibm
|
jazz_team_server
|
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system,…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2021-20544
|
2024-11-21 14:46 |
2022-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200452
|
5.4 |
MEDIUM
Network
|
ibm
|
jazz_team_server
|
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's We…
|
CWE-79
Cross-site Scripting
|
CVE-2021-20543
|
2024-11-21 14:46 |
2022-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200453
|
4.3 |
MEDIUM
Network
|
ibm
|
jazz_team_server
|
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system,…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2021-20421
|
2024-11-21 14:46 |
2022-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200454
|
5.3 |
MEDIUM
Network
|
ibm
|
jazz_team_server
|
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could explo…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2021-20355
|
2024-11-21 14:46 |
2022-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200455
|
7.5 |
HIGH
Network
|
ibm
|
cloud_pak_system
|
IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 19749…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2021-20479
|
2024-11-21 14:46 |
2022-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200456
|
6.5 |
MEDIUM
Network
|
ibm
netapp
|
cognos_analytics
oncommand_insight
|
IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813.
|
CWE-776
XML Entity Expansion
|
CVE-2021-20464
|
2024-11-21 14:46 |
2022-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200457
|
6.5 |
MEDIUM
Local
|
qemu
|
qemu
|
It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to i…
|
CWE-125
Out-of-bounds Read
|
CVE-2021-20295
|
2024-11-21 14:46 |
2022-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200458
|
3.7 |
LOW
Network
|
redhat
|
openshift_container_platform
openshift_machine-config-operator
|
It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint (port 22623…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2021-20238
|
2024-11-21 14:46 |
2022-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200459
|
6.1 |
MEDIUM
Network
|
redhat
|
keycloak
|
A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak.
|
CWE-79
Cross-site Scripting
|
CVE-2021-20323
|
2024-11-21 14:46 |
2022-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200460
|
6.1 |
MEDIUM
Local
|
theforeman
|
openscap
|
An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw…
|
CWE-863
Incorrect Authorization
|
CVE-2021-20290
|
2024-11-21 14:46 |
2022-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
