Latest CVE Feed
- 8.6 HIGH CVE-2021-40118
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulner...
- Published: Oct. 27, 2021
- Modified: Nov. 21, 2024
- 8.6 HIGH CVE-2021-40117
A vulnerability in SSL/TLS message handler for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected d...
- Published: Oct. 27, 2021
- Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2021-40115
A vulnerability in Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the we...
- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2021-40113
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with...
- Affected Products: catalyst_pon_switch_cgp-ont-1p_firmware, catalyst_pon_switch_cgp-ont-4p_firmware, catalyst_pon_switch_cgp-ont-4pvc_firmware, catalyst_pon_switch_cgp-ont-4tvcw_firmware, catalyst_pon_switch_cgp-ont-4pv_firmware, catalyst_pon_switch_cgp-ont-1p, catalyst_pon_switch_cgp-ont-4p, catalyst_pon_switch_cgp-ont-4pvc, catalyst_pon_switch_cgp-ont-4tvcw, catalyst_pon_switch_cgp-ont-4pv
- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2021-40112
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with...
- Affected Products: catalyst_pon_switch_cgp-ont-1p_firmware, catalyst_pon_switch_cgp-ont-4p_firmware, catalyst_pon_switch_cgp-ont-4pvc_firmware, catalyst_pon_switch_cgp-ont-4tvcw_firmware, catalyst_pon_switch_cgp-ont-4pv_firmware, catalyst_pon_switch_cgp-ont-1p, catalyst_pon_switch_cgp-ont-4p, catalyst_pon_switch_cgp-ont-4pvc, catalyst_pon_switch_cgp-ont-4tvcw, catalyst_pon_switch_cgp-ont-4pv
- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2021-40111
In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND and STATUS IMAP command could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can be used for a D...
- Affected Products: james
- Published: Jan. 04, 2022
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-40110
In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1. We recommend upgrading to Apache James 3...
- Affected Products: james
- Published: Jan. 04, 2022
- Modified: Nov. 21, 2024
- 6.4 MEDIUM CVE-2021-40109
A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can access forbidden files on their local network. A user with permissions to upload files from external sites can upload a URL that redirects to an internal resource of any file type. The r...
- Affected Products: concrete_cms
- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-40108
An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint.
- Affected Products: concrete_cms
- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2021-40106
An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field.
- Affected Products: concrete_cms
- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2021-40105
An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments.
- Affected Products: concrete_cms
- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-40104
An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass.
- Affected Products: concrete_cms
- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-40103
An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF.
- Affected Products: concrete_cms
- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
- 9.1 CRITICAL CVE-2021-40102
An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR deserialization in is_dir (PHP Object Injection associated with the __wakeup magic method).
- Affected Products: concrete_cms
- Published: Sep. 24, 2021
- Modified: Nov. 21, 2024
- 7.2 HIGH CVE-2021-40101
An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user's password to be changed without a prompt for the current password.
- Affected Products: concrete_cms
- Published: Nov. 30, 2021
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2021-40100
An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text.
- Affected Products: concrete_cms
- Published: Sep. 24, 2021
- Modified: Nov. 21, 2024
- 7.2 HIGH CVE-2021-40099
An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution.
- Affected Products: concrete_cms
- Published: Sep. 24, 2021
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-40098
An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external form by adding a regular expression.
- Affected Products: concrete_cms
- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-40097
An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to remote code execution via uploaded PHP code, related to the bFilename parameter.
- Affected Products: concrete_cms
- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2021-40096
A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations.
- Affected Products: squaredup
- Published: Dec. 07, 2021
- Modified: Nov. 21, 2024