|
196441
|
5.4 |
MEDIUM
Network
|
my_calendar_project
|
my_calendar
|
The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback parameter of the mc_post_lookup AJAX action (available to any authenticated user) before outputting it back in…
|
-
|
CVE-2021-24927
|
2024-11-21 14:54 |
2021-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196442
|
5.4 |
MEDIUM
Network
|
smashballoon
|
smash_balloon_social_post_feed
|
The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable sit…
|
-
|
CVE-2021-24918
|
2024-11-21 14:54 |
2021-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196443
|
9.8 |
CRITICAL
Network
|
contest_gallery
|
contest_gallery
|
The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when…
|
-
|
CVE-2021-24915
|
2024-11-21 14:54 |
2021-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196444
|
4.4 |
MEDIUM
Local
|
sophos
|
exploit_prevention
intercept_x_endpoint
intercept_x_for_server
|
A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Soph…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2021-25269
|
2024-11-21 14:54 |
2021-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196445
|
5.3 |
MEDIUM
Network
|
isc
debian
fedoraproject
netapp
siemens
oracle
|
bind
debian_linux
fedora
h300s_firmware
h500s_firmware
h700s_firmware
h300e_firmware
h500e_firmware
h700e_firmware
h410s_firmware
h410c_firmware
cloud_backup
sinec…
|
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BI…
|
NVD-CWE-noinfo
|
CVE-2021-25219
|
2024-11-21 14:54 |
2021-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196446
|
6.0 |
MEDIUM
Local
|
sophos
|
hitmanpro
|
A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318.
|
NVD-CWE-noinfo
|
CVE-2021-25271
|
2024-11-21 14:54 |
2021-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196447
|
6.7 |
MEDIUM
Local
|
sophos
|
hitmanpro.alert
|
A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901.
|
NVD-CWE-noinfo
|
CVE-2021-25270
|
2024-11-21 14:54 |
2021-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196448
|
7.5 |
HIGH
Network
|
isc
fedoraproject
|
bind
fedora
|
In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition When a vulnerable version of named receives a query under the circumstances described above, the named process wil…
|
CWE-617
Reachable Assertion
|
CVE-2021-25218
|
2024-11-21 14:54 |
2021-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196449
|
7.8 |
HIGH
Local
|
yandex
|
yandex_browser
|
Local privilege vulnerability in Yandex Browser for Windows prior to 21.9.0.390 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating files…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2021-25263
|
2024-11-21 14:54 |
2021-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196450
|
5.5 |
MEDIUM
Local
|
google
|
android
|
An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process.
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2021-25444
|
2024-11-21 14:54 |
2021-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
