Latest CVE Feed

CVE-2021-34814 (7.5 HIGH)
Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass.
- Affected Products: spam_engine
- EPSS Score: 0.41%
- Published: Oct. 13, 2021
- Modified: Nov. 21, 2024

CVE-2021-34813 (9.8 CRITICAL)
Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution mig...
- Affected Products: olm
- EPSS Score: 4.46%
- Published: Jun. 16, 2021
- Modified: Nov. 21, 2024

CVE-2021-34812 (7.5 HIGH)
Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.
- Affected Products: calendar
- EPSS Score: 0.22%
- Published: Jun. 18, 2021
- Modified: Nov. 21, 2024

CVE-2021-34811 (5.0 MEDIUM)
Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors.
- Affected Products: download_station
- EPSS Score: 0.12%
- Published: Jun. 18, 2021
- Modified: Nov. 21, 2024

CVE-2021-34810 (9.9 CRITICAL)
Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.
- Affected Products: download_station
- EPSS Score: 1.11%
- Published: Jun. 18, 2021
- Modified: Nov. 21, 2024

CVE-2021-34809 (9.9 CRITICAL)
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vect...
- Affected Products: download_station
- EPSS Score: 1.64%
- Published: Jun. 18, 2021
- Modified: Nov. 21, 2024

CVE-2021-34808 (5.8 MEDIUM)
Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors.
- Affected Products: media_server
- EPSS Score: 0.18%
- Published: Jun. 18, 2021
- Modified: Nov. 21, 2024

CVE-2021-34807 (6.1 MEDIUM)
An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, ...
- Affected Products: collaboration
- EPSS Score: 0.86%
- Published: Jul. 02, 2021
- Modified: Nov. 21, 2024

CVE-2021-34805 (7.8 HIGH)
An issue was discovered in FAUST iServer before 9.0.019.019.7. For each URL request, it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal.
- Affected Products: faust_iserver
- EPSS Score: 90.22%
- Published: Jan. 31, 2022
- Modified: Nov. 21, 2024

CVE-2021-34803 (7.8 HIGH)
TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certain situations.
- EPSS Score: 0.03%
- Published: Jun. 16, 2021
- Modified: Nov. 21, 2024

CVE-2021-34802 (8.8 HIGH)
A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges.
- Affected Products: graph_databse
- EPSS Score: 0.55%
- Published: Jul. 30, 2021
- Modified: Nov. 21, 2024

CVE-2021-34801 (5.3 MEDIUM)
Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version.
- Affected Products: valine
- EPSS Score: 1.05%
- Published: Jun. 16, 2021
- Modified: Nov. 21, 2024

CVE-2021-34800 (7.5 HIGH)
Sensitive information could be logged. The following products are affected: Acronis Agent (Windows, Linux, macOS) before build 27147...
- Affected Products: agent
- EPSS Score: 0.32%
- Published: Nov. 29, 2021
- Modified: Nov. 21, 2024

CVE-2021-34798 (7.5 HIGH)
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
- Affected Products: fedora, zfs_storage_appliance_kit, debian_linux, cloud_backup, peoplesoft_enterprise_peopletools, http_server, clustered_data_ontap, http_server, tenable.sc, sinema_remote_connect_server, +8 more products
- EPSS Score: 10.97%
- Published: Sep. 16, 2021
- Modified: Nov. 21, 2024

CVE-2021-34797 (7.5 HIGH)
Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-",...
- Affected Products: geode
- EPSS Score: 0.36%
- Published: Jan. 04, 2022
- Modified: Nov. 21, 2024

CVE-2021-34795 (10.0 CRITICAL)
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with...
- Affected Products: catalyst_pon_switch_cgp-ont-1p_firmware, catalyst_pon_switch_cgp-ont-4p_firmware, catalyst_pon_switch_cgp-ont-4pvc_firmware, catalyst_pon_switch_cgp-ont-4tvcw_firmware, catalyst_pon_switch_cgp-ont-4pv_firmware, catalyst_pon_switch_cgp-ont-1p, catalyst_pon_switch_cgp-ont-4p, catalyst_pon_switch_cgp-ont-4pvc, catalyst_pon_switch_cgp-ont-4tvcw, catalyst_pon_switch_cgp-ont-4pv
- EPSS Score: 1.26%
- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024

CVE-2021-34794 (5.3 MEDIUM)
A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker...
- EPSS Score: 0.36%
- Published: Oct. 27, 2021
- Modified: Nov. 21, 2024

CVE-2021-34793 (8.6 HIGH)
A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software operating in transparent mode could allow an unauthenticated, remote attacker to poison MAC address tables, resulting in ...
- EPSS Score: 0.09%
- Published: Oct. 27, 2021
- Modified: Nov. 21, 2024

CVE-2021-34792 (8.6 HIGH)
A vulnerability in the memory management of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Th...
- EPSS Score: 0.43%
- Published: Oct. 27, 2021
- Modified: Nov. 21, 2024

CVE-2021-34791 (5.3 MEDIUM)
Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attack...
- EPSS Score: 0.99%
- Published: Oct. 27, 2021
- Modified: Nov. 21, 2024