Latest CVE Feed
-
7.5
HIGHCVE-2021-40142
In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.... Read more
- Published: Aug. 27, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-40131
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is du... Read more
Affected Products : common_services_platform_collector- Published: Nov. 19, 2021
- Modified: Nov. 21, 2024
-
4.9
MEDIUMCVE-2021-40130
A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the sysl... Read more
Affected Products : common_services_platform_collector- Published: Nov. 19, 2021
- Modified: Nov. 21, 2024
-
4.9
MEDIUMCVE-2021-40129
A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input... Read more
Affected Products : common_services_platform_collector- Published: Nov. 19, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-40128
A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an arbitrary domain. This vulnerability is due to insuffic... Read more
Affected Products : webex_meetings- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-40127
A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an unauthenticated, remot... Read more
Affected Products : sf300-08_firmware sf302-08_firmware sf302-08p_firmware sf302-08pp_firmware sf302-08mp_firmware sf302-08mpp_firmware sf300-24_firmware sf300-24p_firmware sf300-24pp_firmware sf300-24mp_firmware +122 more products- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-40126
A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. This vulnerability is due to an overly descriptive error message on the ... Read more
- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-40125
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to trigger a denial of servic... Read more
- Published: Oct. 27, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-40124
A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to incorrect privilege a... Read more
Affected Products : anyconnect_secure_mobility_client- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-40123
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative read-only privileges to download files that should be restricted. This vulnerability is due to ... Read more
Affected Products : identity_services_engine- Published: Oct. 21, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-40122
A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper handling of large series of message requests. ... Read more
Affected Products : meeting_server- Published: Oct. 21, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-40121
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulner... Read more
Affected Products : identity_services_engine- Published: Oct. 21, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2021-40120
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system and exec... Read more
Affected Products : ios_xr application_extension_platform small_business_rv_series_router_firmware rv042 rv042g rv320 rv325 rv082 rv016- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2021-40119
A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across install... Read more
Affected Products : policy_suite- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
-
8.6
HIGHCVE-2021-40118
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulner... Read more
- Published: Oct. 27, 2021
- Modified: Nov. 21, 2024
-
8.6
HIGHCVE-2021-40117
A vulnerability in SSL/TLS message handler for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected d... Read more
- Published: Oct. 27, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-40115
A vulnerability in Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the we... Read more
- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2021-40113
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with... Read more
Affected Products : catalyst_pon_switch_cgp-ont-1p_firmware catalyst_pon_switch_cgp-ont-4p_firmware catalyst_pon_switch_cgp-ont-4pvc_firmware catalyst_pon_switch_cgp-ont-4tvcw_firmware catalyst_pon_switch_cgp-ont-4pv_firmware catalyst_pon_switch_cgp-ont-1p catalyst_pon_switch_cgp-ont-4p catalyst_pon_switch_cgp-ont-4pvc catalyst_pon_switch_cgp-ont-4tvcw catalyst_pon_switch_cgp-ont-4pv- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2021-40112
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with... Read more
Affected Products : catalyst_pon_switch_cgp-ont-1p_firmware catalyst_pon_switch_cgp-ont-4p_firmware catalyst_pon_switch_cgp-ont-4pvc_firmware catalyst_pon_switch_cgp-ont-4tvcw_firmware catalyst_pon_switch_cgp-ont-4pv_firmware catalyst_pon_switch_cgp-ont-1p catalyst_pon_switch_cgp-ont-4p catalyst_pon_switch_cgp-ont-4pvc catalyst_pon_switch_cgp-ont-4tvcw catalyst_pon_switch_cgp-ont-4pv- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-40111
In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND and STATUS IMAP command could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can be used for a D... Read more
Affected Products : james- Published: Jan. 04, 2022
- Modified: Nov. 21, 2024