Vulnerabilities > Incomplete Blacklist
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-03 | CVE-2020-14372 | Incomplete Blacklist vulnerability in multiple products A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. | 7.5 |
| 2021-01-20 | CVE-2021-1135 | Incomplete Blacklist vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. | 4.3 |
| 2021-01-20 | CVE-2021-1255 | Incomplete Blacklist vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. | 5.4 |
| 2021-01-20 | CVE-2021-1133 | Incomplete Blacklist vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. | 7.3 |
| 2018-12-03 | CVE-2018-16863 | Incomplete Blacklist vulnerability in multiple products It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. | 7.8 |
| 2018-02-06 | CVE-2017-7525 | Incomplete Blacklist vulnerability in multiple products A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. | 9.8 |
| 2018-01-29 | CVE-2018-6383 | Incomplete Blacklist vulnerability in Monstra Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048. | 6.5 |
| 2017-08-07 | CVE-2015-5946 | Incomplete Blacklist vulnerability in Sugarcrm 6.5.22 Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension. | 4.6 |
| 2017-02-17 | CVE-2016-6189 | Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds. | 4.3 |