Lucene search
K

10 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-29530

Malicious code in bioql PyPI...

8.1CVSS8.1AI score0.0119EPSS
Exploits2References2
CNVD
CNVD
added 2022/01/19 12:0 a.m.16 views

Caldera Arbitrary Code Execution Vulnerability

Caldera is a suite of software from the French company Caldera that provides color management, imaging and processing solutions for printer devices. An arbitrary code execution vulnerability exists in Caldera version 2.8.1. The vulnerability stems from the Human plugin passing an unfiltered name...

9CVSS9.1AI score0.19572EPSS
Exploits2References1
NVD
NVD
added 2022/01/12 8:15 p.m.16 views

CVE-2021-42559

An issue was discovered in CALDERA 2.8.1. It contains multiple startup "requirements" that execute commands when starting the server. Because these commands can be changed via the REST API, an authenticated user can insert arbitrary commands that will execute when the server is restarted...

8.8CVSS0.01957EPSS
Exploits3References2
OSV
OSV
added 2022/01/12 8:15 p.m.18 views

CVE-2021-42558

An issue was discovered in CALDERA 2.8.1. It contains multiple reflected, stored, and self XSS vulnerabilities that may be exploited by authenticated and unauthenticated attackers...

6.1CVSS6.2AI score0.01052EPSS
Exploits2References2
NVD
NVD
added 2022/01/12 8:15 p.m.24 views

CVE-2021-42558

An issue was discovered in CALDERA 2.8.1. It contains multiple reflected, stored, and self XSS vulnerabilities that may be exploited by authenticated and unauthenticated attackers...

6.1CVSS0.01052EPSS
Exploits2References2
OSV
OSV
added 2022/01/12 8:15 p.m.15 views

CVE-2021-42559

An issue was discovered in CALDERA 2.8.1. It contains multiple startup "requirements" that execute commands when starting the server. Because these commands can be changed via the REST API, an authenticated user can insert arbitrary commands that will execute when the server is restarted...

8.8CVSS7.2AI score0.01957EPSS
Exploits3References2
OSV
OSV
added 2022/01/12 7:15 p.m.19 views

CVE-2021-42562

An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting in non-admin users having access to read and modify configuration or other components that should only be accessible by admin users...

8.1CVSS6.7AI score0.0119EPSS
Exploits2References2
NVD
NVD
added 2022/01/12 7:15 p.m.38 views

CVE-2021-42561

An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python "os.system" function. This allows attackers to use shell metacharacters e.g., backticks "" or dollar parenthesis "$" in order to escape the current command and execute...

9CVSS0.19572EPSS
Exploits2References2
Cvelist
Cvelist
added 2022/01/12 6:52 p.m.42 views

CVE-2021-42561

An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python "os.system" function. This allows attackers to use shell metacharacters e.g., backticks "" or dollar parenthesis "$" in order to escape the current command and execute...

9.1AI score0.19572EPSS
Exploits2References2
Cvelist
Cvelist
added 2022/01/12 6:46 p.m.27 views

CVE-2021-42562

An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting in non-admin users having access to read and modify configuration or other components that should only be accessible by admin users...

8.1AI score0.0119EPSS
Exploits2References2
Rows per page
Query Builder