Skip to main content
CVE-2021-37343 HIGH POC THREAT Act Now

A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Nagios Xi
NVD
CVSS 3.1
8.8
EPSS
23.8%
CVE-2021-21815 HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs' Xmill 0.7. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Xmill
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-21814 HIGH POC This Week

Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xmill
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-21813 HIGH POC This Week

Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Xmill
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-21812 HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs’ Xmill 0.7. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Xmill
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-37345 HIGH This Week

Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nagios Xi
NVD VulDB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-34398 HIGH This Week

NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nvidia Denial Of Service Data Center Gpu Manager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-37349 HIGH This Week

Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation PHP Nagios Xi
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-37347 HIGH This Week

Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Nagios Xi
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-38623 HIGH PATCH This Week

The deferred_image_processing (aka Deferred image processing) extension before 1.0.2 for TYPO3 allows Denial of Service via the FAL API because of /var/transient disk consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Deferred Image Processing
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-36793 HIGH PATCH This Week

The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Routes
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-36786 HIGH PATCH This Week

The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Saml
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-37693 HIGH PATCH This Week

Discourse is an open-source platform for community discussion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-37348 HIGH This Week

Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal Information Disclosure Nagios Xi
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2021-36792 HIGH This Week

The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dated News
NVD
CVSS 3.1
7.2
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy