| 196811 | 5.5 | MEDIUM | Local | hpe | unified_data_management | A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product). HPE has provided … | CWE-798 Use of Hard-coded Credentials | CVE-2021-26579 | 2024-11-21 14:56 | 2021-03-31 |
| 196812 | 9.8 | CRITICAL | Network | dlink | dir-816_firmware | D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dir_setWanWif… | CWE-78 OS Command | CVE-2021-26810 | 2024-11-21 14:56 | 2021-03-30 |
| 196813 | 9.8 | CRITICAL | Network | mitel | micontact_center_enterprise | The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploi… | NVD-CWE-Other | CVE-2021-26714 | 2024-11-21 14:56 | 2021-03-30 |
| 196814 | 6.5 | MEDIUM | Network | nokia | netact | An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dange… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2021-26597 | 2024-11-21 14:56 | 2021-03-26 |
| 196815 | 5.4 | MEDIUM | Network | nokia | netact | An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The mo… | CWE-79 Cross-site Scripting | CVE-2021-26596 | 2024-11-21 14:56 | 2021-03-26 |
| 196816 | 9.1 | CRITICAL | Network | mitreid | connect | The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. The vulnerability arises due to unsafe usage of the logo_uri pa… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2021-26715 | 2024-11-21 14:56 | 2021-03-25 |
| 196817 | 7.5 | HIGH | Network | hpe | network_orchestrator | A potential security vulnerability has been identified in HPE Network Orchestrator (NetO) version(s): Prior to 2.5. The vulnerability could be remotely exploited with SQL injection. | CWE-89 SQL Injection | CVE-2021-26578 | 2024-11-21 14:56 | 2021-03-23 |
| 196818 | 9.8 | CRITICAL | Network | apache | ofbiz | Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz. | CWE-502 Deserialization of Untrusted Data | CVE-2021-26295 | 2024-11-21 14:56 | 2021-03-22 |
| 196819 | 9.8 | CRITICAL | Network | eslint-fixer_project | eslint-fixer | The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported b… | CWE-77 Command Injection | CVE-2021-26275 | 2024-11-21 14:56 | 2021-03-19 |
| 196820 | 8.1 | HIGH | Network | synology | diskstation_manager | Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web r… | CWE-362 Race Condition | CVE-2021-26569 | 2024-11-21 14:56 | 2021-03-12 |