CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2021-36697 With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A norma... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-36698 Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name. | 5.4 | MEDIUM | — | 0 |
| CVE-2021-37147 Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0. | 7.5 | HIGH | — | 0 |
| CVE-2021-37148 Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1. | 7.5 | HIGH | — | 0 |
| CVE-2021-37149 Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0. | 7.5 | HIGH | — | 0 |
| CVE-2021-38161 Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8. | 8.1 | HIGH | — | 0 |
| CVE-2021-41585 Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections. This issue affects Apache Traffic... | 7.5 | HIGH | — | 0 |
| CVE-2020-23680 An issue was discovered in function StartPage in text2pdf.c in pdfcorner text2pdf 1.1, allows attackers to cause denial of service or possibly other undisclosed impacts. | 7.8 | HIGH | — | 0 |
| CVE-2020-24000 SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-24743 An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-26786 An issue was discoverered in in customercentric-selling-poland PlayTube, allows authenticated attackers to execute arbitrary code via the purchace code to the config.php. | 8.8 | HIGH | — | 0 |
| CVE-2021-27836 An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file. | 6.5 | MEDIUM | — | 0 |
| CVE-2021-40985 A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp. | 5.5 | MEDIUM | — | 0 |
| CVE-2020-18259 ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting (XSS) vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML ... | 6.1 | MEDIUM | — | 0 |
| CVE-2020-18261 An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-18262 ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-18263 PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vulnerability allows attackers to access sensitive database information. | 7.5 | HIGH | — | 0 |
| CVE-2021-23472 This affects versions before 1.19.1 of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array... | 3.1 | LOW | — | 0 |
| CVE-2021-23509 This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays. | 5.6 | MEDIUM | — | 0 |
| CVE-2021-23624 This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays. | 5.6 | MEDIUM | — | 0 |
| CVE-2021-33800 In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal. | 7.5 | HIGH | — | 0 |
| CVE-2021-23784 This affects the package tempura before 0.4.0. If the input to the esc function is of type object (i.e an array) it is returned without being escaped/sanitized, leading to a potential Cross-Site Scrip... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-41134 nbdime provides tools for diffing and merging of Jupyter Notebooks. In affected versions a stored cross-site scripting (XSS) issue exists within the Jupyter-owned nbdime project. It appears that when ... | 8.7 | HIGH | — | 0 |
| CVE-2021-41174 Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript... | 6.9 | MEDIUM | — | 0 |
| CVE-2020-28416 HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially... | 7.8 | HIGH | — | 0 |
| CVE-2020-6931 HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege. | 7.8 | HIGH | — | 0 |
| CVE-2021-22960 The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. | 6.5 | MEDIUM | — | 0 |
| CVE-2021-35053 Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the syste... | 7.5 | HIGH | — | 0 |
| CVE-2021-38403 Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-38407 Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API dev... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-38411 Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the A... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-38416 Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed. | 7.8 | HIGH | — | 0 |
| CVE-2021-38418 Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access info... | 8.8 | HIGH | — | 0 |
| CVE-2021-38420 Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory an... | 7.8 | HIGH | — | 0 |
| CVE-2021-38422 Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privilege... | 7.8 | HIGH | — | 0 |
| CVE-2021-38424 The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with ... | 5.9 | MEDIUM | — | 0 |
| CVE-2021-38428 Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API sch... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-38488 Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter comment of the API ... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-41492 Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via the (1) Product Code in the pos page in cashiering. (2) id parameter in manage_products and the (3... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-42772 Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDu... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-43032 In XenForo through 2.2.7, a threat actor with access to the admin panel can create a new Advertisement via the Advertising function, and save an XSS payload in the body of the HTML document. This payl... | 4.8 | MEDIUM | — | 0 |
| CVE-2021-43339 In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality. For example, a new admin user could be create... | 8.8 | HIGH | — | 0 |
| CVE-2021-41562 A vulnerability in Snow Snow Agent for Windows allows a non-admin user to cause arbitrary deletion of files. This issue affects: Snow Snow Agent for Windows version 5.0.0 to 6.7.1 on Windows. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-25367 A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-34594 TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before 4.3.48.0 or with TcOpcUaServer versions below 3.2.0.194 are prone to a relative path traversal that allow administrators to create... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-34597 Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of t... | 7.8 | HIGH | — | 0 |
| CVE-2020-25366 An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors. | 9.1 | CRITICAL | — | 0 |
| CVE-2020-25368 A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-42624 A local buffer overflow vulnerability exists in the latest version of Miniftpd in ftpproto.c through the tmp variable, where a crafted payload can be sent to the affected function. | 7.8 | HIGH | — | 0 |
| CVE-2021-1500 A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to... | 5.4 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.