|
200681
|
7.5 |
HIGH
Network
|
antennahouse
|
office_server_document_converter
|
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS)…
|
CWE-611
XXE
|
CVE-2021-20838
|
2024-11-21 14:47 |
2021-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200682
|
9.8 |
CRITICAL
Network
|
sixapart
|
movable_type
|
Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable…
|
CWE-78
OS Command
|
CVE-2021-20837
|
2024-11-21 14:47 |
2021-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200683
|
6.5 |
MEDIUM
Local
|
omron
|
cx-supervisor
|
Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause information disclosure and/or arbitrary code execution by opening …
|
CWE-125
Out-of-bounds Read
|
CVE-2021-20836
|
2024-11-21 14:47 |
2021-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200684
|
6.1 |
MEDIUM
Network
|
nike
|
nike
|
Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a…
|
CWE-862
Missing Authorization
|
CVE-2021-20834
|
2024-11-21 14:47 |
2021-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200685
|
7.4 |
HIGH
Network
|
soda-inc
|
snkrdunk
|
The SNKRDUNK Market Place App for iOS versions prior to 2.2.0 does not verify server certificate properly, which allows man-in-the-middle attackers to eavesdrop on and/or alter encrypted communicatio…
|
CWE-295
Improper Certificate Validation
|
CVE-2021-20833
|
2024-11-21 14:47 |
2021-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200686
|
5.3 |
MEDIUM
Network
|
inbody
|
inbody
|
InBody App for iOS versions prior to 2.3.30 and InBody App for Android versions prior to 2.2.90(510) contain a vulnerability which may lead to information disclosure only when it works with the body …
|
CWE-200
Information Exposure
|
CVE-2021-20832
|
2024-11-21 14:47 |
2021-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200687
|
8.8 |
HIGH
Network
|
og_tags_project
|
og_tags
|
Cross-site request forgery (CSRF) vulnerability in OG Tags versions prior to 2.0.2 allows a remote attacker to hijack the authentication of administrators and unintended operation may be performed vi…
|
CWE-352
Origin Validation Error
|
CVE-2021-20831
|
2024-11-21 14:47 |
2021-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200688
|
6.1 |
MEDIUM
Network
|
cybozu
|
remote_service_manager
|
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9 allows a remote attacker to inject an arbitrary script via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2021-20807
|
2024-11-21 14:47 |
2021-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200689
|
6.1 |
MEDIUM
Network
|
cybozu
|
remote_service_manager
|
Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
CWE-601
Open Redirect
|
CVE-2021-20806
|
2024-11-21 14:47 |
2021-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200690
|
5.4 |
MEDIUM
Network
|
cybozu
|
remote_service_manager
|
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.7 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2021-20805
|
2024-11-21 14:47 |
2021-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
