|
199491
|
3.3 |
LOW
Local
|
huawei
|
taurus-al00a_firmware
|
There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by perf…
|
CWE-415
Double Free
|
CVE-2021-22303
|
2024-11-21 14:49 |
2021-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199492
|
4.1 |
MEDIUM
Local
|
huawei
|
ecns280_td_firmware
|
There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allo…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2021-22300
|
2024-11-21 14:49 |
2021-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199493
|
5.5 |
MEDIUM
Local
|
huawei
|
mate_30_firmware
|
There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7P2). The protection is insufficient for the modules that should be protected. Local attackers can exploit this vulnerability to a…
|
NVD-CWE-noinfo
|
CVE-2021-22307
|
2024-11-21 14:49 |
2021-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199494
|
6.7 |
MEDIUM
Local
|
huawei
|
mate_30_firmware
|
Mate 30 10.0.0.203(C00E201R7P2) have a buffer overflow vulnerability. After obtaining the root permission, an attacker can exploit the vulnerability to cause buffer overflow.
|
CWE-120
Classic Buffer Overflow
|
CVE-2021-22301
|
2024-11-21 14:49 |
2021-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199495
|
7.8 |
HIGH
Local
|
proofpoint
|
insider_threat_management
|
Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2021-22159
|
2024-11-21 14:49 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199496
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link
|
CWE-287
Improper Authentication
|
CVE-2021-22171
|
2024-11-21 14:49 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199497
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2021-22168
|
2024-11-21 14:49 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199498
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker to have a temporary read access to the private repository
|
NVD-CWE-noinfo
|
CVE-2021-22167
|
2024-11-21 14:49 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199499
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2021-22166
|
2024-11-21 14:49 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199500
|
4.8 |
MEDIUM
Network
|
elastic
oracle
|
elasticsearch
communications_cloud_native_core_automated_test_suite
|
Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2021-22132
|
2024-11-21 14:49 |
2021-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
