|
198911
|
6.8 |
MEDIUM
Physics
|
netgear
|
r6700_firmware
|
Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient protections for the UART console. A malicious actor with physical access to the device is able to connect to the UART port via a ser…
|
CWE-287
Improper Authentication
|
CVE-2021-23147
|
2024-11-21 14:51 |
2021-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198912
|
7.5 |
HIGH
Network
|
celeryproject
fedoraproject
|
celery
fedora
extra_packages_for_enterprise_linux
|
This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized.…
|
CWE-77
Command Injection
|
CVE-2021-23727
|
2024-11-21 14:51 |
2021-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198913
|
7.8 |
HIGH
Local
|
oppo
|
coloros
|
ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same…
|
NVD-CWE-Other
|
CVE-2021-23244
|
2024-11-21 14:51 |
2021-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198914
|
9.8 |
CRITICAL
Network
|
js-data
|
js-data
|
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of [CVE-2020-28442](https://snyk.io/vuln/SNYK-JS-JSDATA-10236…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-23574
|
2024-11-21 14:51 |
2021-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198915
|
7.5 |
HIGH
Network
|
parse-link-header_project
|
parse-link-header
|
The package parse-link-header before 2.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the checkHeader function.
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2021-23490
|
2024-11-21 14:51 |
2021-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198916
|
8.8 |
HIGH
Network
|
iris-go
|
iris
|
This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may ena…
|
CWE-59
Link Following
|
CVE-2021-23772
|
2024-11-21 14:51 |
2021-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198917
|
9.8 |
CRITICAL
Network
|
myscada
|
mypro
|
mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.
|
-
|
CVE-2021-23198
|
2024-11-21 14:51 |
2021-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198918
|
8.2 |
HIGH
Local
|
nvidia
|
geforce_experience
|
NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user inte…
|
CWE-863
Incorrect Authorization
|
CVE-2021-23175
|
2024-11-21 14:51 |
2021-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198919
|
6.1 |
MEDIUM
Network
|
deltaww
|
diaenergie
|
DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”.
|
-
|
CVE-2021-23228
|
2024-11-21 14:51 |
2021-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198920
|
9.8 |
CRITICAL
Network
|
nette
|
latte
|
This affects the package latte/latte before 2.10.6. There is a way to bypass allowFunctions that will affect the security of the application. When the template is set to allow/disallow the use of cer…
|
CWE-863
Incorrect Authorization
|
CVE-2021-23803
|
2024-11-21 14:51 |
2021-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
