|
196811
|
8.8 |
HIGH
Network
|
apache
|
druid
|
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by…
|
NVD-CWE-noinfo
|
CVE-2021-25646
|
2024-11-21 14:55 |
2021-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196812
|
6.5 |
MEDIUM
Adjacent
|
zivautomation
|
4cct-ea6-334126bf_firmware
|
Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an a…
|
CWE-287
Improper Authentication
|
CVE-2021-25910
|
2024-11-21 14:55 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196813
|
7.5 |
HIGH
Network
|
zivautomation
|
4cct-ea6-334126bf_firmware
|
ZIV Automation 4CCT-EA6-334126BF firmware version 3.23.80.27.36371, allows an unauthenticated, remote attacker to cause a denial of service condition on the device. An attacker could exploit this vul…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2021-25909
|
2024-11-21 14:55 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196814
|
5.4 |
MEDIUM
Network
|
testes-codigo
|
testes_de_codigo
|
Mobile application "Testes de Codigo" v11.3 and prior allows stored XSS by injecting a payload in the "feedback" message field causing it to be stored in the remote database and leading to its execut…
|
CWE-79
Cross-site Scripting
|
CVE-2021-25647
|
2024-11-21 14:55 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196815
|
5.3 |
MEDIUM
Network
|
atlassian
|
bamboo
|
Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp dir…
|
CWE-200
Information Exposure
|
CVE-2021-26067
|
2024-11-21 14:55 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196816
|
7.5 |
HIGH
Network
|
apache
netapp
|
activemq_artemis
oncommand_workflow_automation
|
While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entir…
|
NVD-CWE-Other
|
CVE-2021-26118
|
2024-11-21 14:55 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196817
|
7.5 |
HIGH
Network
|
apache
netapp
debian
oracle
|
activemq
activemq_artemis
oncommand_workflow_automation
debian_linux
flexcube_private_banking
communications_session_report_manager
communications_element_manager
communications_…
|
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to ve…
|
CWE-287
Improper Authentication
|
CVE-2021-26117
|
2024-11-21 14:55 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196818
|
7.8 |
HIGH
Local
|
acdsee
|
photo_studio_2021
|
PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!JPEGTransW+0x000000000000c7f4 via a crafted BMP image.
|
CWE-863
Incorrect Authorization
|
CVE-2021-26026
|
2024-11-21 14:55 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196819
|
7.8 |
HIGH
Local
|
acdsee
|
photo_studio_2021
|
PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!zlibVersion+0x0000000000004e5e via a crafted BMP image.
|
CWE-863
Incorrect Authorization
|
CVE-2021-26025
|
2024-11-21 14:55 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196820
|
7.5 |
HIGH
Network
|
fil-ocl_project
|
fil-ocl
|
An issue was discovered in the fil-ocl crate through 2021-01-04 for Rust. From<EventList> can lead to a double free.
|
CWE-415
Double Free
|
CVE-2021-25908
|
2024-11-21 14:55 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
