|
199861
|
9.6 |
CRITICAL
Network
|
redhat
|
keycloak
|
A flaw was found in keycloak in versions before 13.0.0. A Self Stored XSS attack vector escalating to a complete account takeover is possible due to user-supplied data fields not being properly encod…
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2021-20195
|
2024-11-21 14:46 |
2021-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199862
|
6.5 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a blo…
|
-
|
CVE-2021-20196
|
2024-11-21 14:46 |
2021-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199863
|
5.5 |
MEDIUM
Local
|
gnome
redhat
fedoraproject
|
networkmanager
enterprise_linux
openshift_container_platform
fedora
|
A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability.
|
CWE-20
Improper Input Validation
|
CVE-2021-20297
|
2024-11-21 14:46 |
2021-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199864
|
5.5 |
MEDIUM
Local
|
oracle
redhat
|
virtualization
ansible_tower
google_cloud_platform_ansible_collection
cisco_nx-os_collection
ansible
community_general_collection
community_network_collection
docker_community_co…
|
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage o…
|
-
|
CVE-2021-20191
|
2024-11-21 14:46 |
2021-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199865
|
4.4 |
MEDIUM
Local
|
linux
|
linux_kernel
|
A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can pa…
|
-
|
CVE-2021-20177
|
2024-11-21 14:46 |
2021-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199866
|
8.2 |
HIGH
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vu…
|
CWE-611
XXE
|
CVE-2021-20492
|
2024-11-21 14:46 |
2021-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199867
|
9.1 |
CRITICAL
Network
|
ibm
|
power9_system_firmware
scale-out_lc_system_firmware
|
IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process.
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2021-20487
|
2024-11-21 14:46 |
2021-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199868
|
6.5 |
MEDIUM
Network
|
ibm
|
cloud_pak_for_data
|
IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additional plugins. IBM X-Force ID: 197668.
|
NVD-CWE-noinfo
|
CVE-2021-20486
|
2024-11-21 14:46 |
2021-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199869
|
5.5 |
MEDIUM
Local
|
redhat
fedoraproject
|
ansible_tower
ansible
fedora
|
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw…
|
-
|
CVE-2021-20178
|
2024-11-21 14:46 |
2021-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199870
|
7.5 |
HIGH
Network
|
privoxy
|
privoxy
|
A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2021-20209
|
2024-11-21 14:46 |
2021-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
