Latest CVE Feed
-
9.8
CRITICALCVE-2021-40147
EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerability than CVE-2021-32198.... Read more
Affected Products : zoc- Published: Aug. 26, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2021-40146
A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN,... Read more
Affected Products : any23- Published: Sep. 11, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-40145
gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used... Read more
Affected Products : libgd- Published: Aug. 26, 2021
- Modified: Nov. 21, 2024
-
8.2
HIGHCVE-2021-40143
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance.... Read more
Affected Products : nexus_repository_manager_3- Published: Sep. 07, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-40142
In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.... Read more
- Published: Aug. 27, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-40131
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is du... Read more
Affected Products : common_services_platform_collector- Published: Nov. 19, 2021
- Modified: Nov. 21, 2024
-
4.9
MEDIUMCVE-2021-40130
A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the sysl... Read more
Affected Products : common_services_platform_collector- Published: Nov. 19, 2021
- Modified: Nov. 21, 2024
-
4.9
MEDIUMCVE-2021-40129
A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input... Read more
Affected Products : common_services_platform_collector- Published: Nov. 19, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-40128
A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an arbitrary domain. This vulnerability is due to insuffic... Read more
Affected Products : webex_meetings- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-40127
A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an unauthenticated, remot... Read more
Affected Products : sf300-08_firmware sf302-08_firmware sf302-08p_firmware sf302-08pp_firmware sf302-08mp_firmware sf302-08mpp_firmware sf300-24_firmware sf300-24p_firmware sf300-24pp_firmware sf300-24mp_firmware +122 more products- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-40126
A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. This vulnerability is due to an overly descriptive error message on the ... Read more
- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-40125
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to trigger a denial of servic... Read more
- Published: Oct. 27, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-40124
A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to incorrect privilege a... Read more
Affected Products : anyconnect_secure_mobility_client- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-40123
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative read-only privileges to download files that should be restricted. This vulnerability is due to ... Read more
Affected Products : identity_services_engine- Published: Oct. 21, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-40122
A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper handling of large series of message requests. ... Read more
Affected Products : meeting_server- Published: Oct. 21, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-40121
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulner... Read more
Affected Products : identity_services_engine- Published: Oct. 21, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2021-40120
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system and exec... Read more
Affected Products : ios_xr application_extension_platform small_business_rv_series_router_firmware rv042 rv042g rv320 rv325 rv082 rv016- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2021-40119
A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across install... Read more
Affected Products : policy_suite- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
-
8.6
HIGHCVE-2021-40118
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulner... Read more
- Published: Oct. 27, 2021
- Modified: Nov. 21, 2024
-
8.6
HIGHCVE-2021-40117
A vulnerability in SSL/TLS message handler for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected d... Read more
- Published: Oct. 27, 2021
- Modified: Nov. 21, 2024