Latest CVE Feed
-
5.9
MEDIUMCVE-2021-22947
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush... Read more
Affected Products : fedora debian_linux curl solidfire_baseboard_management_controller_firmware cloud_backup peoplesoft_enterprise_peopletools macos commerce_guided_search communications_cloud_native_core_network_slice_selection_function communications_cloud_native_core_network_repository_function +24 more products- Published: Sep. 29, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22946
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requi... Read more
Affected Products : fedora debian_linux curl solidfire_baseboard_management_controller_firmware cloud_backup peoplesoft_enterprise_peopletools macos oncommand_insight oncommand_workflow_automation snapcenter +27 more products- Published: Sep. 29, 2021
- Modified: Nov. 21, 2024
-
8.0
HIGHCVE-2021-22944
A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect application. This vulnerability is fixed in UniFi Protec... Read more
Affected Products : unifi_protect- Published: Aug. 31, 2021
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2021-22943
A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protec... Read more
Affected Products : unifi_protect- Published: Aug. 31, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-22942
A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.... Read more
- Published: Oct. 18, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22940
Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.... Read more
- Published: Aug. 16, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-22939
If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.... Read more
- Published: Aug. 16, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-22938
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.... Read more
- Published: Aug. 16, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-22937
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.... Read more
- Published: Aug. 16, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-22936
A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.... Read more
- Published: Aug. 16, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-22935
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.... Read more
- Published: Aug. 16, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-22934
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request.... Read more
- Published: Aug. 16, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-22933
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.... Read more
- Published: Aug. 16, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22932
An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue i... Read more
Affected Products : sharefile_storagezones_controller- Published: Aug. 16, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22931
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (... Read more
- Published: Aug. 16, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22930
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.... Read more
- Published: Oct. 07, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-22929
An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log.... Read more
Affected Products : brave- Published: Aug. 31, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-22928
A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level o... Read more
- Published: Aug. 05, 2021
- Modified: Nov. 21, 2024
-
8.1
HIGHCVE-2021-22927
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session.... Read more
- Published: Aug. 05, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22926
libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport,... Read more
Affected Products : curl active_iq_unified_manager hci_management_node solidfire peoplesoft_enterprise_peopletools oncommand_insight oncommand_workflow_automation snapcenter h300s_firmware h500s_firmware +16 more products- Published: Aug. 05, 2021
- Modified: Nov. 21, 2024