|
196171
|
7.2 |
HIGH
Network
|
dolibarr
|
dolibarr dolibarr_erp/crm
|
In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming…
|
NVD-CWE-Other
|
CVE-2021-25956
|
2024-11-21 14:55 |
2021-08-18 |
|
196172
|
5.3 |
MEDIUM
Network
|
atlassian
|
jira_server jira_data_center
|
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions a…
|
CWE-22
Path Traversal
|
CVE-2021-26086
|
2024-11-21 14:55 |
2021-08-16 |
|
196173
|
9.0 |
CRITICAL
Network
|
dolibarr
|
dolibarr
|
In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note…
|
CWE-79
Cross-site Scripting
|
CVE-2021-25955
|
2024-11-21 14:55 |
2021-08-16 |
|
196174
|
7.5 |
HIGH
Network
|
siemens
|
automation_license_manager
|
A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0 SP9 Update 2). Sending specially crafted packets to port 4410/tcp…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2021-25659
|
2024-11-21 14:55 |
2021-08-10 |
|
196175
|
4.3 |
MEDIUM
Network
|
dolibarr
|
dolibarr
|
In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor. A low privileged attacker can modify the Private Note which only an…
|
CWE-863
Incorrect Authorization
|
CVE-2021-25954
|
2024-11-21 14:55 |
2021-08-10 |
|
196176
|
5.3 |
MEDIUM
Network
|
samsung
|
smart_touch_call
|
Improper access control vulnerability in Smart Touch Call prior to version 1.0.0.5 allows arbitrary webpage loading in webview.
|
NVD-CWE-Other
|
CVE-2021-25448
|
2024-11-21 14:55 |
2021-08-6 |
|
196177
|
5.3 |
MEDIUM
Network
|
samsung
|
smartthings_firmware
|
Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview.
|
NVD-CWE-Other
|
CVE-2021-25447
|
2024-11-21 14:55 |
2021-08-6 |
|
196178
|
5.3 |
MEDIUM
Network
|
samsung
|
smartthings_firmware
|
Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview.
|
NVD-CWE-Other
|
CVE-2021-25446
|
2024-11-21 14:55 |
2021-08-6 |
|
196179
|
5.3 |
MEDIUM
Network
|
samsung
|
internet
|
Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows untrusted application to access internal files in Samsung Internet.
|
CWE-287
Improper Authentication
|
CVE-2021-25445
|
2024-11-21 14:55 |
2021-08-6 |
|
196180
|
8.8 |
HIGH
Network
|
fortinet
|
fortisandbox
|
Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of specifica…
|
CWE-787
Out-of-bounds Write
|
CVE-2021-26096
|
2024-11-21 14:55 |
2021-08-5 |