Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20623 | 1 Cisco | 31 N9k-c92160yc-x, N9k-c92300yc, N9k-c92304qc and 28 more | 2023-11-07 | 7.1 HIGH | 7.5 HIGH |
| A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause BFD traffic to be dropped on an affected device. This vulnerability is due to a logic error in the BFD rate limiter functionality. An attacker could exploit this vulnerability by sending a crafted stream of traffic through the device. A successful exploit could allow the attacker to cause BFD traffic to be dropped, resulting in BFD session flaps. BFD session flaps can cause route instability and dropped traffic, resulting in a denial of service (DoS) condition. This vulnerability applies to both IPv4 and IPv6 traffic. | |||||
| CVE-2022-20716 | 1 Cisco | 7 Catalyst Sd-wan Manager, Sd-wan, Sd-wan Solution and 4 more | 2023-11-07 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user. | |||||
| CVE-2022-20730 | 1 Cisco | 1 Firepower Threat Defense | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Security Intelligence feed feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the Security Intelligence DNS feed. This vulnerability is due to incorrect feed update processing. An attacker could exploit this vulnerability by sending traffic through an affected device that should be blocked by the affected device. A successful exploit could allow the attacker to bypass device controls and successfully send traffic to devices that are expected to be protected by the affected device. | |||||
| CVE-2022-20733 | 1 Cisco | 1 Identity Services Engine | 2023-11-07 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions. This vulnerability is due to exposed sensitive Security Assertion Markup Language (SAML) metadata. An attacker could exploit this vulnerability by using the exposed SAML metadata to bypass authentication to the user portal. A successful exploit could allow the attacker to access all roles without any restrictions. | |||||
| CVE-2022-20738 | 1 Cisco | 1 Umbrella Secure Web Gateway | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature. This vulnerability is due to insufficient restrictions in the file inspection feature. An attacker could exploit this vulnerability by downloading a crafted payload through specific methods. A successful exploit could allow the attacker to bypass file inspection protections and download a malicious payload. | |||||
| CVE-2022-20742 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2023-11-07 | 5.8 MEDIUM | 7.4 HIGH |
| A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel. This vulnerability is due to an improper implementation of Galois/Counter Mode (GCM) ciphers. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting a sufficient number of encrypted messages across an affected IPsec IKEv2 VPN tunnel and then using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to decrypt, read, modify, and re-encrypt data that is transmitted across an affected IPsec IKEv2 VPN tunnel. | |||||
| CVE-2022-1678 | 2 Linux, Netapp | 26 Linux Kernel, Active Iq Unified Manager, Bootstrap Os and 23 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. | |||||
| CVE-2022-20777 | 1 Cisco | 1 Enterprise Nfv Infrastructure Software | 2023-11-07 | 9.0 HIGH | 9.9 CRITICAL |
| Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-4335 | 1 Radykal | 1 Fancy Product Designer | 2023-11-07 | N/A | 6.3 MEDIUM |
| The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability check on multiple AJAX functions in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify plugin settings, including retrieving arbitrary order information or creating/updating/deleting products, orders, or other sensitive information not associated with their own account. | |||||
| CVE-2021-4115 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned | |||||
| CVE-2021-4105 | 1 Bg-tek | 16 Coslat Bx5s1d3, Coslat Bx5s1d3 Firmware, Coslat Bx5s1d4 and 13 more | 2023-11-07 | N/A | 9.8 CRITICAL |
| Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion.This issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727. | |||||
| CVE-2021-42762 | 4 Debian, Fedoraproject, Webkitgtk and 1 more | 4 Debian Linux, Fedora, Webkitgtk and 1 more | 2023-11-07 | 4.6 MEDIUM | 5.3 MEDIUM |
| BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. | |||||
| CVE-2021-44420 | 5 Canonical, Debian, Djangoproject and 2 more | 5 Ubuntu Linux, Debian Linux, Django and 2 more | 2023-11-07 | 7.5 HIGH | 7.3 HIGH |
| In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. | |||||
| CVE-2021-41801 | 1 Mediawiki | 1 Mediawiki | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue backlog) | |||||
| CVE-2021-43337 | 2 Fedoraproject, Schedmd | 2 Fedora, Slurm | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users to request job scripts and environment files to which they should not have access. | |||||
| CVE-2021-45115 | 2 Djangoproject, Fedoraproject | 2 Django, Fedora | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack. | |||||
| CVE-2021-44225 | 2 Fedoraproject, Keepalived | 2 Fedora, Keepalived | 2023-11-07 | 5.5 MEDIUM | 5.4 MEDIUM |
| In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property | |||||
| CVE-2021-45478 | 1 Yordam | 1 Library Automation System | 2023-11-07 | N/A | 6.5 MEDIUM |
| Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.This issue affects Library Automation System: before 19.2. | |||||
| CVE-2021-44103 | 2023-11-07 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42192. Reason: This candidate is a duplicate of CVE-2021-42192. Notes: All CVE users should reference CVE-2021-42192 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
| CVE-2021-42116 | 1 Businessdnasolutions | 1 Topease | 2023-11-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| Incorrect Access Control in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker to view the Shape Editor and Settings, which are functionality for higher privileged users, via identifying said components in the front-end source code or other means. | |||||