daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

chore: generate CVEs metadata 🤖

patch-14
ghost 2024-11-07 05:44:40 +00:00
parent a31517209f
commit a13b86c355
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cves.json
View File

@ -1495,6 +1495,7 @@
{"ID":"CVE-2021-44139","Info":{"Name":"Alibaba Sentinel - Server-side request forgery (SSRF)","Severity":"high","Description":"There is a Pre-Auth SSRF vulnerability in Alibaba Sentinel version 1.8.2, which allows remote unauthenticated attackers to perform SSRF attacks via the /registry/machine endpoint through the ip parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-44139.yaml"}
{"ID":"CVE-2021-44152","Info":{"Name":"Reprise License Manager 14.2 - Authentication Bypass","Severity":"critical","Description":"Reprise License Manager (RLM) 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-44152.yaml"}
{"ID":"CVE-2021-44228","Info":{"Name":"Apache Log4j2 Remote Code Injection","Severity":"critical","Description":"Apache Log4j2 \u003c=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2021/CVE-2021-44228.yaml"}
{"ID":"CVE-2021-44260","Info":{"Name":"WAVLINK AC1200 - Information Disclosure","Severity":"high","Description":"A vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information of the manager of router.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-44260.yaml"}
{"ID":"CVE-2021-4436","Info":{"Name":"3DPrint Lite \u003c 1.9.1.5 - Arbitrary File Upload","Severity":"critical","Description":"The plugin does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as Apache.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-4436.yaml"}
{"ID":"CVE-2021-44427","Info":{"Name":"Rosario Student Information System Unauthenticated SQL Injection","Severity":"critical","Description":"An unauthenticated SQL injection vulnerability in Rosario Student Information System (aka rosariosis) 8.1 and below allow remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-44427.yaml"}
{"ID":"CVE-2021-44451","Info":{"Name":"Apache Superset \u003c=1.3.2 - Default Login","Severity":"medium","Description":"Apache Superset through 1.3.2 contains a default login vulnerability via registered database connections for authenticated users. An attacker can obtain access to user accounts and thereby obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-44451.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
a6840cee68528826a7a81eb7c14f51e7
8899b6cfd6387564efd7ca067cf95bfa