CVE-2021-33723
- EPSS 0.22%
- Veröffentlicht 12.10.2021 10:15:11
- Zuletzt bearbeitet 21.11.2024 06:09:27
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could change the user profile of any user without proper authorization. With this, the attacker could change the password of any user in th...
CVE-2021-33722
- EPSS 0.37%
- Veröffentlicht 12.10.2021 10:15:11
- Zuletzt bearbeitet 21.11.2024 06:09:26
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system has a Path Traversal vulnerability when exporting a firmware container. With this a privileged authenticated attacker could create arbitrary file...
- EPSS 94.43%
- Veröffentlicht 16.09.2021 15:15:07
- Zuletzt bearbeitet 27.10.2025 17:37:06
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-39275
- EPSS 37.67%
- Veröffentlicht 16.09.2021 15:15:07
- Zuletzt bearbeitet 01.05.2025 15:39:40
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-34798
- EPSS 10.29%
- Veröffentlicht 16.09.2021 15:15:07
- Zuletzt bearbeitet 21.11.2024 06:11:13
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-3449
- EPSS 8.36%
- Veröffentlicht 25.03.2021 15:15:13
- Zuletzt bearbeitet 21.11.2024 06:21:33
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but incl...