CVSS: 10.0EPSS: 97%CPEs: 398EXPL: 406CVE-2021-44228 – Apache Log4j2 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44228
10 Dec 2021 — Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.... • https://packetstorm.news/files/id/171626 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1135 – Cisco Data Center Network Manager REST API Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1135
20 Jan 2021 — Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el endpoint de la API REST de Cisco Data Center Network Manager (DCNM), podrían permitir a un atacante remoto autenticado visualizar, modificar y eliminar datos sin la debida autorización... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-api-path-TpTApx2p • CWE-184: Incomplete List of Disallowed Inputs •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1250 – Cisco Data Center Network Manager Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1250
20 Jan 2021 — Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. Varias vulnerabilidades en la interfaz de administración basada en web de Cisco Data Center Network Manager (DCNM), podrían perm... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-xss-vulns-GuUJ39gh • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1249 – Cisco Data Center Network Manager Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1249
20 Jan 2021 — Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. Varias vulnerabilidades en la interfaz de administración basada en web de Cisco Data Center Network Manager (DCNM), podrían perm... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-xss-vulns-GuUJ39gh • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1248 – Cisco Data Center Network Manager SQL Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1248
20 Jan 2021 — Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Varias vulnerabilidades en determinados endpoints de la API REST de Cisco Data Center Network Manager (DCNM), podrían permitir a un atacante remoto autenticado ejecutar comandos SQL arbitrarios en un dispositivo afecta... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-sql-inj-OAQOObP • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1247 – Cisco Data Center Network Manager SQL Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1247
20 Jan 2021 — Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Varias vulnerabilidades en determinados endpoints de la API REST de Cisco Data Center Network Manager (DCNM), podrían permitir a un atacante remoto autenticado ejecutar comandos SQL arbitrarios en un dispositivo afecta... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-sql-inj-OAQOObP • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1253 – Cisco Data Center Network Manager Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1253
20 Jan 2021 — Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la interfaz de administración basada en web de Cisco Data Center Network Manager (DCNM), podrían p... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-xss-vulns-GuUJ39gh • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1255 – Cisco Data Center Network Manager REST API Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1255
20 Jan 2021 — Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el punto final de la API REST de Cisco Data Center Network Manager (DCNM) podrían permitir a un atacante remoto autenticado ver, modificar y eliminar datos sin la debida autorización. Par... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-api-path-TpTApx2p • CWE-184: Incomplete List of Disallowed Inputs •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1269 – Cisco Data Center Network Manager Authorization Bypass Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1269
20 Jan 2021 — Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la interfaz de administración basada en web de Cisco Data Center Network Manager (DCNM), podrían permitir a un atacante remoto autenticado visualizar, modificar y eliminar da... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-authbypass-OHBPbxu • CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1270 – Cisco Data Center Network Manager Authorization Bypass Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1270
20 Jan 2021 — Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la interfaz de administración basada en web de Cisco Data Center Network Manager (DCNM), podrían permitir a un atacante remoto autenticado visualizar, modificar y eliminar da... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-authbypass-OHBPbxu • CWE-863: Incorrect Authorization •