Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-11-15 CVE-2024-45608 SQL Injection vulnerability in Glpi-Project Glpi
GLPI is a free asset and IT management software package.
network
low complexity
glpi-project CWE-89
8.8
8.8
2024-11-15 CVE-2024-40638 SQL Injection vulnerability in Glpi-Project Glpi
GLPI is a free asset and IT management software package.
network
low complexity
glpi-project CWE-89
8.8
8.8
2024-11-15 CVE-2024-41678 Cross-site Scripting vulnerability in Glpi-Project Glpi
GLPI is a free asset and IT management software package.
network
low complexity
glpi-project CWE-79
6.1
6.1
2024-11-15 CVE-2021-1464 A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain restricted access to the configuration information of an affected system. This vulnerability exists because the affected software has insufficient input validation for certain commands.
network
low complexity
CWE-20
5.0
5.0
2024-11-15 CVE-2021-1470 A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper input validation of SQL queries to an affected system.
network
low complexity
CWE-20
4.9
4.9
2024-11-15 CVE-2021-1481 A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management interface.
network
low complexity
CWE-943
4.3
4.3
2024-11-15 CVE-2021-1482 A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain access to sensitive information on an affected system. This vulnerability is due to insufficient authorization checks.
network
low complexity
CWE-20
6.4
6.4
2024-11-15 CVE-2021-1483 A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. This vulnerability is due to improper handling of XML External Entity (XXE) entries when the affected software parses certain XML files.
network
low complexity
CWE-611
6.4
6.4
2024-11-15 CVE-2021-1484 A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to inject arbitrary commands on an affected system and cause a denial of service (DoS) condition. This vulnerability is due to improper input validation of user-supplied input to the device template configuration.
network
low complexity
CWE-88
6.5
6.5
2024-11-15 CVE-2021-1494 Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters.
network
low complexity
CWE-693
5.8
5.8