CVSS: 10.0EPSS: 4%CPEs: 6EXPL: 0CVE-2021-31891
https://notcve.org/view.php?id=CVE-2021-31891
14 Sep 2021 — A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote... • https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-20228 – ansible: basic.py no_log with fallback option
https://notcve.org/view.php?id=CVE-2021-20228
25 Feb 2021 — A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality. Se encontró un fallo en Ansible Engine versión 2.9.18, donde la información confidencial no está enmascarada por defecto y no está protegida por la funcionalidad no_log cuando se usa la func... • https://bugzilla.redhat.com/show_bug.cgi?id=1925002 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 5.7EPSS: 0%CPEs: 11EXPL: 0CVE-2020-27825 – Debian Security Advisory 4843-1
https://notcve.org/view.php?id=CVE-2020-27825
11 Dec 2020 — A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat. Se encontró un fallo de uso de la memoria previamente liberada en el archivo kernel/trace/ring_buffer.c en el kernel de Linux (anteriores a la versión 5.10-rc1)... • https://bugzilla.redhat.com/show_bug.cgi?id=1905155 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-25626 – django-rest-framework: XSS Vulnerability in API viewer
https://notcve.org/view.php?id=CVE-2020-25626
30 Sep 2020 — A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious