Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40127 | 1 Cisco | 132 Sf200-24, Sf200-24 Firmware, Sf200-24fp and 129 more | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an unauthenticated, remote attacker to render the web-based management interface unusable, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause a permanent invalid redirect for requests sent to the web-based management interface of the device, resulting in a DoS condition. | |||||
| CVE-2021-3442 | 1 Redhat | 1 Openshift Api Management | 2023-11-07 | N/A | 5.4 MEDIUM |
| A flaw was found in the Red Hat OpenShift API Management product. User input is not validated allowing an authenticated user to inject scripts into some text boxes leading to a XSS attack. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2021-38015 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | |||||
| CVE-2021-34714 | 1 Cisco | 225 Firepower 4100, Firepower 4110, Firepower 4112 and 222 more | 2023-11-07 | 5.7 MEDIUM | 7.4 HIGH |
| A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This vulnerability is due to improper input validation of the UDLD packets. An attacker could exploit this vulnerability by sending specifically crafted UDLD packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. An attacker must have full control of a directly connected device. On Cisco IOS XR devices, the impact is limited to the reload of the UDLD process. | |||||
| CVE-2021-34790 | 1 Cisco | 19 Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5505 and 16 more | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming. | |||||
| CVE-2021-34791 | 1 Cisco | 19 Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5505 and 16 more | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming. | |||||
| CVE-2021-37150 | 3 Apache, Debian, Fedoraproject | 3 Traffic Server, Debian Linux, Fedora | 2023-11-07 | N/A | 7.5 HIGH |
| Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. | |||||
| CVE-2021-34783 | 1 Cisco | 18 Adaptive Security Appliance Software, Asa 5505, Asa 5505 Firmware and 15 more | 2023-11-07 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL/TLS decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Datagram TLS (DTLS) messages cannot be used to exploit this vulnerability. | |||||
| CVE-2021-34736 | 1 Cisco | 23 Ucs C125 M5, Ucs C220 M3, Ucs C220 M4 and 20 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause the interface to restart, resulting in a denial of service (DoS) condition. | |||||
| CVE-2021-33620 | 3 Debian, Fedoraproject, Squid-cache | 3 Debian Linux, Fedora, Squid | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server. | |||||
| CVE-2021-30862 | 1 Apple | 1 Itunes U | 2023-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue is fixed in iTunes U 3.8.3. Processing a maliciously crafted URL may lead to arbitrary javascript code execution. | |||||
| CVE-2021-30881 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Unpacking a maliciously crafted archive may lead to arbitrary code execution. | |||||
| CVE-2021-30589 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-11-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link. | |||||
| CVE-2021-30917 | 1 Apple | 7 Ipad Os, Ipados, Iphone Os and 4 more | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2021-29468 | 1 Cygwin | 1 Git | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file name may cause just-checked out code to be executed while checking out a repository using Git on Cygwin. The problem will be patched in the Cygwin Git v2.31.1-2 release. At time of writing, the vulnerability is present in the upstream Git source code; any Cygwin user who compiles Git for themselves from upstream sources should manually apply a patch to mitigate the vulnerability. As mitigation users should not clone or pull from repositories from untrusted sources. CVE-2019-1354 was an equivalent vulnerability in Git for Visual Studio. | |||||
| CVE-2021-21394 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Note that the groups feature is not part of the Matrix specification and the chosen maximum lengths are arbitrary. Not all clients might abide by them. Refer to referenced GitHub security advisory for additional details including workarounds. | |||||
| CVE-2021-21393 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Note that the groups feature is not part of the Matrix specification and the chosen maximum lengths are arbitrary. Not all clients might abide by them. Refer to referenced GitHub security advisory for additional details including workarounds. | |||||
| CVE-2021-21408 | 3 Debian, Fedoraproject, Smarty | 3 Debian Linux, Fedora, Smarty | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch. | |||||
| CVE-2021-22827 | 1 Schneider-electric | 1 Ecostruxure Power Monitoring Expert | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22826. Affected Product: EcoStruxure? Power Monitoring Expert 9.0 and prior versions | |||||
| CVE-2021-22826 | 1 Schneider-electric | 1 Ecostruxure Power Monitoring Expert | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22827. Affected Product: EcoStruxure? Power Monitoring Expert 9.0 and prior versions | |||||