|
194991
|
6.5 |
MEDIUM
Network
|
bosch
|
bosch_video_management_system
video_recording_manager
|
By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software.…
|
NVD-CWE-Other
|
CVE-2021-23861
|
2024-11-21 14:51 |
2021-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194992
|
6.1 |
MEDIUM
Network
|
bosch
|
bosch_video_management_system
video_recording_manager
|
An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header tha…
|
CWE-79
Cross-site Scripting
|
CVE-2021-23860
|
2024-11-21 14:51 |
2021-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194993
|
7.5 |
HIGH
Network
|
bosch
|
bosch_video_management_system
video_recording_manager
access_easy_controller_firmware
video_recording_manager_exporter
building_integration_system
access_professional_edition
|
An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to …
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2021-23859
|
2024-11-21 14:51 |
2021-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194994
|
7.5 |
HIGH
Network
|
citrix
|
application_delivery_controller_firmware
gateway
sd-wan
|
An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface acce…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2021-22956
|
2024-11-21 14:51 |
2021-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194995
|
7.5 |
HIGH
Network
|
citrix
|
application_delivery_controller_firmware
gateway
|
A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to caus…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2021-22955
|
2024-11-21 14:51 |
2021-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194996
|
9.8 |
CRITICAL
Network
|
ajaxpro.2_project
|
ajaxpro.2
|
All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code exec…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-23758
|
2024-11-21 14:51 |
2021-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194997
|
8.8 |
HIGH
Network
|
tiny
|
plupload
|
This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-23562
|
2024-11-21 14:51 |
2021-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194998
|
9.1 |
CRITICAL
Network
|
craftercms
|
crafter_cms
|
Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2021-23264
|
2024-11-21 14:51 |
2021-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194999
|
7.5 |
HIGH
Network
|
craftercms
|
crafter_cms
|
Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary).
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2021-23263
|
2024-11-21 14:51 |
2021-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195000
|
7.2 |
HIGH
Network
|
craftercms
|
crafter_cms
|
Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE.
|
CWE-913
Improper Control of Dynamically-Managed Code Resources
|
CVE-2021-23262
|
2024-11-21 14:51 |
2021-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
