Latest CVE Feed
-
6.5
MEDIUMCVE-2021-40125
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to trigger a denial of servic... Read more
- Published: Oct. 27, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-40124
A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to incorrect privilege a... Read more
Affected Products : anyconnect_secure_mobility_client- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-40123
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative read-only privileges to download files that should be restricted. This vulnerability is due to ... Read more
Affected Products : identity_services_engine- Published: Oct. 21, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-40122
A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper handling of large series of message requests. ... Read more
Affected Products : meeting_server- Published: Oct. 21, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-40121
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulner... Read more
Affected Products : identity_services_engine- Published: Oct. 21, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2021-40120
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system and exec... Read more
Affected Products : ios_xr application_extension_platform small_business_rv_series_router_firmware rv042 rv042g rv320 rv325 rv082 rv016- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2021-40119
A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across install... Read more
Affected Products : policy_suite- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
-
8.6
HIGHCVE-2021-40118
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulner... Read more
- Published: Oct. 27, 2021
- Modified: Nov. 21, 2024
-
8.6
HIGHCVE-2021-40117
A vulnerability in SSL/TLS message handler for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected d... Read more
- Published: Oct. 27, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-40115
A vulnerability in Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the we... Read more
- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2021-40113
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with... Read more
Affected Products : catalyst_pon_switch_cgp-ont-1p_firmware catalyst_pon_switch_cgp-ont-4p_firmware catalyst_pon_switch_cgp-ont-4pvc_firmware catalyst_pon_switch_cgp-ont-4tvcw_firmware catalyst_pon_switch_cgp-ont-4pv_firmware catalyst_pon_switch_cgp-ont-1p catalyst_pon_switch_cgp-ont-4p catalyst_pon_switch_cgp-ont-4pvc catalyst_pon_switch_cgp-ont-4tvcw catalyst_pon_switch_cgp-ont-4pv- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2021-40112
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with... Read more
Affected Products : catalyst_pon_switch_cgp-ont-1p_firmware catalyst_pon_switch_cgp-ont-4p_firmware catalyst_pon_switch_cgp-ont-4pvc_firmware catalyst_pon_switch_cgp-ont-4tvcw_firmware catalyst_pon_switch_cgp-ont-4pv_firmware catalyst_pon_switch_cgp-ont-1p catalyst_pon_switch_cgp-ont-4p catalyst_pon_switch_cgp-ont-4pvc catalyst_pon_switch_cgp-ont-4tvcw catalyst_pon_switch_cgp-ont-4pv- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-40111
In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND and STATUS IMAP command could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can be used for a D... Read more
Affected Products : james- Published: Jan. 04, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-40110
In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1 We recommend upgrading to Apache James 3... Read more
Affected Products : james- Published: Jan. 04, 2022
- Modified: Nov. 21, 2024
-
6.4
MEDIUMCVE-2021-40109
A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can access forbidden files on their local network. A user with permissions to upload files from external sites can upload a URL that redirects to an internal resource of any file type. The r... Read more
Affected Products : concrete_cms- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-40108
An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint.... Read more
Affected Products : concrete_cms- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-40106
An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field.... Read more
Affected Products : concrete_cms- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-40105
An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments.... Read more
Affected Products : concrete_cms- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-40104
An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass.... Read more
Affected Products : concrete_cms- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-40103
An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF.... Read more
Affected Products : concrete_cms- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024