| 196001 | 4.9 | MEDIUM Network | supermicro-cms_project | supermicro-cms | An issue was discovered in pcmt superMicro-CMS version 3.11, allows attackers to delete files via crafted image file in images.php. | NVD-CWE-noinfo | CVE-2021-25856 | 2024-11-21 14:55 | 2023-08-11 |
| 196002 | 5.3 | MEDIUM Local | qpdf_project | qpdf | An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf. | CWE-416 Use After Free | CVE-2021-25786 | 2024-11-21 14:55 | 2023-08-11 |
| 196003 | 6.1 | MEDIUM Network | emby | emby | Emby Server versions < 4.6.0.50 is vulnerable to Cross Site Scripting (XSS) vulnerability via a crafted GET request to /web. | CWE-79 Cross-site Scripting | CVE-2021-25828 | 2024-11-21 14:55 | 2023-06-29 |
| 196004 | 9.8 | CRITICAL Network | emby | emby | Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For header to a local IP-address. | CWE-290 Authentication Bypass by Spoofing | CVE-2021-25827 | 2024-11-21 14:55 | 2023-06-29 |
| 196005 | 7.8 | HIGH Local | kubernetes | kubernetes | Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true. | NVD-CWE-noinfo | CVE-2021-25749 | 2024-11-21 14:55 | 2023-05-25 |
| 196006 | 6.5 | MEDIUM Network | kubernetes | ingress-nginx | A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` … | NVD-CWE-noinfo | CVE-2021-25748 | 2024-11-21 14:55 | 2023-05-25 |
| 196007 | 7.8 | HIGH Local | avaya | ip_office | A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB… | NVD-CWE-Other | CVE-2021-25657 | 2024-11-21 14:55 | 2022-09-2 |
| 196008 | 8.8 | HIGH Network | apache | hadoop | ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run a… | - | CVE-2021-25642 | 2024-11-21 14:55 | 2022-08-25 |
| 196009 | 5.5 | MEDIUM Local | intel | killer_ac_1550_firmware killer_wi-fi_6_ax1650_firmware killer_wi-fi_6e_ax1690_firmware killer_wi-fi_6e_ax1675_firmware proset_wi-fi_6e_ax210_firmware wi-fi_6e_ax211_firmware wi-fi_6… | Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable denial of service via local access. | CWE-125 Out-of-bounds Read | CVE-2021-26254 | 2024-11-21 14:55 | 2022-08-19 |
| 196010 | 5.5 | MEDIUM Local | intel | wi-fi_6_ax411_firmware wi-fi_6_ax211_firmware wi-fi_6_ax210_firmware wi-fi_6_ax201_firmware wi-fi_6_ax200_firmware wireless-ac_9560_firmware wireless-ac_9462_firmware wireless-ac… | Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable denia… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2021-26257 | 2024-11-21 14:55 | 2022-08-19 |