| 196141 | 9.8 | CRITICAL | Network | docker_dashboard_project | docker_dashboard | rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. NOTE: this is NOT a Docker, I… | CWE-78 OS Command | CVE-2021-27886 | 2024-11-21 14:58 | 2021-03-2 |
| 196142 | 5.1 | MEDIUM | Local | ymfe | yapi | Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used. | CWE-330 Use of Insufficiently Random Values | CVE-2021-27884 | 2024-11-21 14:58 | 2021-03-2 |
| 196143 | 7.5 | HIGH | Adjacent | w1.fi, fedoraproject, debian | wpa_supplicant, fedora, debian_linux | A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (poten… | NVD-CWE-noinfo | CVE-2021-27803 | 2024-11-21 14:58 | 2021-02-27 |
| 196144 | 7.5 | HIGH | Network | zint | barcode_generator | ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generat… | CWE-787 Out-of-bounds Write | CVE-2021-27799 | 2024-11-21 14:58 | 2021-02-27 |
| 196145 | 6.1 | MEDIUM | Network | comrak_project | comrak | An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be … | CWE-79 Cross-site Scripting | CVE-2021-27671 | 2024-11-21 14:58 | 2021-02-25 |
| 196146 | 9.8 | CRITICAL | Network | appspace | appspace | Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter. | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2021-27670 | 2024-11-21 14:58 | 2021-02-25 |
| 196147 | 2.5 | LOW | Local | gnu, fedoraproject, debian | glibc, fedora, debian_linux | The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting … | CWE-415 Double Free | CVE-2021-27645 | 2024-11-21 14:58 | 2021-02-25 |
| 196148 | 5.3 | MEDIUM | Network | rangerstudio | directus | In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. NOTE: This vulnerability only affects products that are no longer… | CWE-203 Information Exposure Through Discrepancy | CVE-2021-27583 | 2024-11-21 14:58 | 2021-02-24 |
| 196149 | 9.1 | CRITICAL | Network | mitreid | connect | org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment (aka Autobinding) vulnerability. This ar… | CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2021-27582 | 2024-11-21 14:58 | 2021-02-24 |
| 196150 | 7.8 | HIGH | Local | snowsoftware | snow_inventory_agent | Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. A privilege-escalation vulnerability exist… | NVD-CWE-noinfo | CVE-2021-27579 | 2024-11-21 14:58 | 2021-02-24 |