|
196361
|
6.1 |
MEDIUM
Network
|
arubanetworks
|
clearpass_policy_manager
|
A remote unauthenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web…
|
CWE-79
Cross-site Scripting
|
CVE-2021-26678
|
2024-11-21 14:56 |
2021-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196362
|
6.5 |
MEDIUM
Network
|
arubanetworks
|
clearpass_policy_manager
|
A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management int…
|
CWE-89
SQL Injection
|
CVE-2021-26685
|
2024-11-21 14:56 |
2021-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196363
|
4.9 |
MEDIUM
Network
|
nozominetworks
|
guardian
central_management_control
|
Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Net…
|
CWE-22
Path Traversal
|
CVE-2021-26725
|
2024-11-21 14:56 |
2021-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196364
|
7.2 |
HIGH
Network
|
nozominetworks
|
guardian
central_management_control
|
OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This…
|
CWE-78
OS Command
|
CVE-2021-26724
|
2024-11-21 14:56 |
2021-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196365
|
6.5 |
MEDIUM
Network
|
digium
|
certified_asterisk
asterisk
|
A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated Web…
|
CWE-787
Out-of-bounds Write
|
CVE-2021-26713
|
2024-11-21 14:56 |
2021-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196366
|
7.5 |
HIGH
Network
|
apache
netapp
|
myfaces
oncommand_insight
|
In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site reque…
|
CWE-352
Origin Validation Error
|
CVE-2021-26296
|
2024-11-21 14:56 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196367
|
6.1 |
MEDIUM
Network
|
openenergymonitor
|
emoncms
|
Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS via the node parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2021-26716
|
2024-11-21 14:56 |
2021-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196368
|
5.4 |
MEDIUM
Network
|
apache
|
livy
|
Livy server version 0.7.0-incubating (only) is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users' sessions…
|
CWE-79
Cross-site Scripting
|
CVE-2021-26544
|
2024-11-21 14:56 |
2021-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196369
|
6.1 |
MEDIUM
Network
|
chamilo
|
chamilo
|
Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI.
|
CWE-79
Cross-site Scripting
|
CVE-2021-26746
|
2024-11-21 14:56 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196370
|
9.8 |
CRITICAL
Network
|
netis-systems
|
wf2780_firmware
wf2411_firmware
|
Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution.
|
CWE-78
OS Command
|
CVE-2021-26747
|
2024-11-21 14:56 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
