Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rack vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2021-22812
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Ph...
Schneider-electric Network Management Card 2 Firmware
Schneider-electric Network Management Card 3 Firmware
383
VMScore
CVE-2021-22813
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to an edit poli...
Schneider-electric Network Management Card 2 Firmware
Schneider-electric Network Management Card 3 Firmware
383
VMScore
CVE-2021-22814
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists which could cause arbritrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) u...
Schneider-electric Network Management Card 2 Firmware
Schneider-electric Network Management Card 3 Firmware
445
VMScore
CVE-2021-22815
A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630...
Schneider-electric Network Management Card 2 Firmware
Schneider-electric Network Management Card 3 Firmware
534
VMScore
CVE-2021-22825
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could allow an malicious user to access the system with elevated privileges when a privileged account clicks on a malicious URL that compromises the security token. Affected Products: ...
Schneider-electric Rack Power Distribution Unit With Network Management Card 2 Firmware
Schneider-electric Rack Power Distribution Unit With Network Management Card 3 Firmware
694
VMScore
CVE-2021-23236
Requests may be used to interrupt the normal operation of the device. When exploited, Fresenius Kabi Agilia Link+ version 3.0 must be rebooted via a hard reset triggered by pressing a button on the rack system.
Fresenius-kabi Agilia Partner Maintenance Software
Fresenius-kabi Vigilant Centerium 1.0
Fresenius-kabi Vigilant Insight 1.0
Fresenius-kabi Vigilant Mastermed 1.0
Fresenius-kabi Agilia Connect Firmware
Fresenius-kabi Link\\+ Agilia Firmware
Fresenius-kabi Link\\+ Agilia Firmware 3.0
445
VMScore
CVE-2021-34736
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote malicious user to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input...
Cisco Unified Computing System
320
VMScore
CVE-2021-41136
Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the p...
Puma Puma
Debian Debian Linux 10.0
Debian Debian Linux 11.0
668
VMScore
CVE-2021-38412
Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an malicious user to enable the SNMP service and manipulate the...
Digi Portserver Ts 16 Firmware 82000684
Digi Portserver Ts 16 Firmware 82000685
605
VMScore
CVE-2021-39197
better_errors is an open source replacement for the standard Rails error page with more information rich error pages. It is also usable outside of Rails in any Rack app as Rack middleware. better_errors before 2.8.0 did not implement CSRF protection for its internal requests. It ...
Better Errors Project Better Errors
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »