|
199281
|
8.8 |
HIGH
Network
|
librecad
debian
fedoraproject
|
libdxfrw
debian_linux
fedora
|
A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability.…
|
-
|
CVE-2021-21900
|
2024-11-21 14:49 |
2021-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199282
|
8.8 |
HIGH
Network
|
librecad
fedoraproject
debian
|
libdxfrw
fedora
debian_linux
|
A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow…
|
-
|
CVE-2021-21899
|
2024-11-21 14:49 |
2021-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199283
|
6.5 |
MEDIUM
Network
|
greenplum
|
greenplum
|
In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain statements execution led to the storage of sensitive(credential) information in the logs of the database. A malicious user with …
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2021-22030
|
2024-11-21 14:49 |
2021-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199284
|
9.1 |
CRITICAL
Network
|
greenplum
|
greenplum
|
In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplum database contains a file path traversal vulnerability leading to information disclosure from the file system. A malicious user …
|
CWE-22
Path Traversal
|
CVE-2021-22028
|
2024-11-21 14:49 |
2021-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199285
|
8.8 |
HIGH
Network
|
vmware
|
spring_cloud_netflix
|
Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view t…
|
CWE-94
Code Injection
|
CVE-2021-22053
|
2024-11-21 14:49 |
2021-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199286
|
8.8 |
HIGH
Network
|
vmware
|
vcenter_server
cloud_foundation
|
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter S…
|
NVD-CWE-noinfo
|
CVE-2021-22048
|
2024-11-21 14:49 |
2021-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199287
|
6.5 |
MEDIUM
Network
|
vmware
|
spring_cloud_gateway
|
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following …
|
CWE-863
Incorrect Authorization
|
CVE-2021-22051
|
2024-11-21 14:49 |
2021-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199288
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all version…
|
CWE-79
Cross-site Scripting
|
CVE-2021-22260
|
2024-11-21 14:49 |
2021-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199289
|
8.8 |
HIGH
Network
|
vmware
|
installbuilder
|
On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2021-22038
|
2024-11-21 14:49 |
2021-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199290
|
7.8 |
HIGH
Local
|
vmware
|
installbuilder
|
Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the sea…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2021-22037
|
2024-11-21 14:49 |
2021-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
