|
196361
|
7.5 |
HIGH
Network
|
netapp
|
cloud_manager
|
Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability which could allow a remote attacker to cause a Denial of Service (DoS).
|
NVD-CWE-noinfo
|
CVE-2021-26992
|
2024-11-21 14:57 |
2021-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196362
|
7.5 |
HIGH
Network
|
netapp
|
cloud_manager
|
Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin Resource Sharing (CORS) policy which could allow a remote attacker to interact with Cloud Manager.
|
NVD-CWE-noinfo
|
CVE-2021-26991
|
2024-11-21 14:57 |
2021-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196363
|
9.1 |
CRITICAL
Network
|
netapp
|
cloud_manager
|
Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files.
|
CWE-862
Missing Authorization
|
CVE-2021-26990
|
2024-11-21 14:57 |
2021-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196364
|
8.1 |
HIGH
Network
|
mikrotik
|
routeros
|
MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior becau…
|
NVD-CWE-noinfo
|
CVE-2021-27221
|
2024-11-21 14:57 |
2021-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196365
|
6.1 |
MEDIUM
Network
|
advantech
|
webaccess\/scada
|
WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of…
|
CWE-79
Cross-site Scripting
|
CVE-2021-27436
|
2024-11-21 14:57 |
2021-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196366
|
7.5 |
HIGH
Network
|
grafana
netapp
|
grafana
e-series_performance_analyzer
|
The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
|
NVD-CWE-noinfo
|
CVE-2021-27358
|
2024-11-21 14:57 |
2021-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196367
|
7.5 |
HIGH
Network
|
konghq
|
kong_gateway
|
An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT.
|
CWE-706
Use of Incorrectly-Resolved Name or Reference
|
CVE-2021-27306
|
2024-11-21 14:57 |
2021-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196368
|
7.5 |
HIGH
Network
|
wowonder
|
wowonder
|
In WoWonder < 3.1, remote attackers can gain access to the database by exploiting a requests.php?f=search-my-followers SQL Injection vulnerability via the event_id parameter.
|
CWE-89
SQL Injection
|
CVE-2021-26935
|
2024-11-21 14:57 |
2021-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196369
|
7.5 |
HIGH
Network
|
ua-parser-js_project
|
ua-parser-js
|
ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing…
|
NVD-CWE-Other
|
CVE-2021-27292
|
2024-11-21 14:57 |
2021-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196370
|
7.5 |
HIGH
Network
|
pygments
debian
fedoraproject
|
pygments
debian_linux
fedora
|
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity a…
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2021-27291
|
2024-11-21 14:57 |
2021-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
