Latest CVE Feed
-
6.5
MEDIUMCVE-2021-34431
In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker.... Read more
Affected Products : mosquitto- Published: Jul. 22, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-34430
Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic.... Read more
Affected Products : tinydtls- Published: Jul. 08, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-34429
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability rep... Read more
Affected Products : hci_management_node solidfire e-series_santricity_os_controller e-series_santricity_web_services communications_cloud_native_core_unified_data_repository autovue_for_agile_product_lifecycle_management communications_diameter_signaling_router jetty snap_creator_framework communications_cloud_native_core_binding_support_function +8 more products- Published: Jul. 15, 2021
- Modified: Nov. 21, 2024
-
3.6
LOWCVE-2021-34428
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple... Read more
Affected Products : debian_linux active_iq_unified_manager e-series_santricity_os_controller e-series_santricity_web_services snapmanager autovue_for_agile_product_lifecycle_management communications_services_gatekeeper communications_session_report_manager communications_session_route_manager communications_element_manager +6 more products- Published: Jun. 22, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-34427
In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance.... Read more
Affected Products : business_intelligence_and_reporting_tools- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-34426
A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the "keybase git lfs-config" command on the command-line. In versions prior to 5.6.0, a malicious actor with write access to a user\'s Git repositor... Read more
- Published: Dec. 14, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-34425
The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat\'s "link preview" functionality. In versions prior to 5.7.3, if a user were to enable the chat\... Read more
- Published: Dec. 14, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-34424
A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for... Read more
- Published: Nov. 24, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-34423
A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for... Read more
- Published: Nov. 24, 2021
- Modified: Nov. 21, 2024
-
9.0
CRITICALCVE-2021-34422
The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name which could ... Read more
Affected Products : keybase- Published: Nov. 11, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-34421
The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user e... Read more
Affected Products : keybase- Published: Nov. 11, 2021
- Modified: Nov. 21, 2024
-
7.4
HIGHCVE-2021-34420
The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. This could lead to a malicious actor installing malicious software on a customer’s computer.... Read more
Affected Products : zoom_client_for_meetings- Published: Nov. 11, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-34419
In the Zoom Client for Meetings for Ubuntu Linux before version 5.1.0, there is an HTML injection flaw when sending a remote control request to a user in the process of in-meeting screen sharing. This could allow meeting participants to be targeted for so... Read more
Affected Products : zoom_client_for_meetings- Published: Nov. 11, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-34418
The login routine of the web console in the Zoom On-Premise Meeting Connector before version 4.6.239.20200613, Zoom On-Premise Meeting Connector MMR before version 4.6.239.20200613, Zoom On-Premise Recording Connector before version 3.8.42.20200905, Zoom ... Read more
- Published: Nov. 11, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2021-34417
The network proxy page on the web portal for the Zoom On-Premise Meeting Connector Controller before version 4.6.365.20210703, Zoom On-Premise Meeting Connector MMR before version 4.6.365.20210703, Zoom On-Premise Recording Connector before version 3.8.45... Read more
- Published: Nov. 11, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-34416
The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4.6.360.20210325, Zoom on-premise Meeting Connector MMR before version 4.6.360.20210325, Zoom on-premise Recording Connector before version 3.8... Read more
- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-34415
The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4.6.358.20210205 does not verify the cnt field sent in incoming network packets, which leads to exhaustion of resources and system crash.... Read more
Affected Products : meeting_connector- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-34414
The network proxy page on the web portal for the Zoom on-premise Meeting Connector Controller before version 4.6.348.20201217, Zoom on-premise Meeting Connector MMR before version 4.6.348.20201217, Zoom on-premise Recording Connector before version 3.8.42... Read more
- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-34413
All versions of the Zoom Plugin for Microsoft Outlook for MacOS before 5.3.52553.0918 contain a Time-of-check Time-of-use (TOC/TOU) vulnerability during the plugin installation process. This could allow a standard user to write their own malicious applica... Read more
Affected Products : zoom_plugin_for_microsoft_outlook- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-34412
During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer. If the installer was launched with elevated privileges such as by SCCM this can result in a local privil... Read more
Affected Products : meetings- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024