Latest CVE Feed
-
9.8
CRITICALCVE-2021-1628
MuleSoft is aware of a XML External Entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Affected versions: Mule 4.x runtime released before February 2, 2021.... Read more
Affected Products : mule- Published: Mar. 26, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-1627
MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. This affects: Mule 3.8.x,3.9.x,4.x runtime released before February 2, 2021.... Read more
Affected Products : mule- Published: Mar. 26, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-1626
MuleSoft is aware of a Remote Code Execution vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Versions affected: Mule 4.1.x and 4.2.x runtime released before February 2, 2021.... Read more
Affected Products : mule- Published: Mar. 26, 2021
- Modified: Nov. 21, 2024
-
5.8
MEDIUMCVE-2021-1625
A vulnerability in the Zone-Based Policy Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent the Zone-Based Policy Firewall from correctly classifying traffic. This vulnerability exists because ICMP and UDP... Read more
Affected Products : ios_xe- Published: Sep. 23, 2021
- Modified: Nov. 21, 2024
-
8.6
HIGHCVE-2021-1624
A vulnerability in the Rate Limiting Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization in the Cisco QuantumFlow Processor of an affected device, resulting in a ... Read more
Affected Products : ios_xe asr_1001 asr_1002 asr_1002-x asr_1004 asr_1006 asr_1013 asr_1000 asr_1000-esp100 asr_1001-hx +10 more products- Published: Sep. 23, 2021
- Modified: Nov. 21, 2024
-
7.7
HIGHCVE-2021-1623
A vulnerability in the Simple Network Management Protocol (SNMP) punt handling function of Cisco cBR-8 Converged Broadband Routers could allow an authenticated, remote attacker to overload a device punt path, resulting in a denial of service (DoS) conditi... Read more
- Published: Sep. 23, 2021
- Modified: Nov. 21, 2024
-
8.6
HIGHCVE-2021-1622
A vulnerability in the Common Open Policy Service (COPS) of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause resource exhaustion, resulting in a denial of service (DoS) condition. T... Read more
Affected Products : ios_xe 7600_router asr_901-12c-f-d asr_901-12c-ft-d asr_901-4c-f-d asr_901-4c-ft-d asr_901-6cz-f-a asr_901-6cz-f-d asr_901-6cz-fs-a asr_901-6cz-fs-d +3 more products- Published: Sep. 23, 2021
- Modified: Nov. 21, 2024
-
7.4
HIGHCVE-2021-1621
A vulnerability in the Layer 2 punt code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a queue wedge on an interface that receives specific Layer 2 frames, resulting in a denial of service (DoS) condition. This vulner... Read more
Affected Products : ios_xe asr_1001 asr_1002 asr_1002-x asr_1004 asr_1006 asr_1013 1100-4g\/6g_integrated_services_router 1100-4p_integrated_services_router 1100-8p_integrated_services_router +35 more products- Published: Sep. 23, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-1619
A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: Install, manipulate, ... Read more
Affected Products : ios_xe ios_xe_sd-wan ios_xe_sd-wan_16.10.1_when_installed_on_1000_series_integrated_services ios_xe_sd-wan_16.10.1_when_installed_on_4000_series_integrated_services ios_xe_sd-wan_16.10.1_when_installed_on_asr_1000_series_aggregation_services ios_xe_sd-wan_16.10.1_when_installed_on_integrated_services_virtual ios_xe_sd-wan_16.10.2_when_installed_on_1000_series_integrated_services ios_xe_sd-wan_16.10.2_when_installed_on_4000_series_integrated_services ios_xe_sd-wan_16.10.2_when_installed_on_asr_1000_series_aggregation_services ios_xe_sd-wan_16.10.2_when_installed_on_integrated_services_virtual +136 more products- Published: Sep. 23, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2021-1618
Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due... Read more
Affected Products : intersight_virtual_appliance- Published: Jul. 22, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-1617
Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due... Read more
Affected Products : intersight_virtual_appliance- Published: Jul. 22, 2021
- Modified: Nov. 21, 2024
-
4.7
MEDIUMCVE-2021-1616
A vulnerability in the H.323 application level gateway (ALG) used by the Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass the ALG. This vulnerability is due to insufficient data v... Read more
Affected Products : ios_xe- Published: Sep. 23, 2021
- Modified: Nov. 21, 2024
-
8.6
HIGHCVE-2021-1615
A vulnerability in the packet processing functionality of Cisco Embedded Wireless Controller (EWC) Software for Catalyst Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected AP. Th... Read more
- Published: Sep. 23, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-1614
A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory. This vulnerability is due to insuffic... Read more
- Published: Jul. 22, 2021
- Modified: Nov. 21, 2024
-
7.1
HIGHCVE-2021-1612
A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker... Read more
Affected Products : sd-wan- Published: Sep. 23, 2021
- Modified: Nov. 21, 2024
-
8.6
HIGHCVE-2021-1611
A vulnerability in Ethernet over GRE (EoGRE) packet processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9800 Family Wireless Controller, Embedded Wireless Controller, and Embedded Wireless on Catalyst 9000 Series Switches could ... Read more
- Published: Sep. 23, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-1610
Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service (DoS) co... Read more
- Published: Aug. 04, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2021-1609
Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service (DoS) co... Read more
- Published: Aug. 04, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-1607
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user. These vulnerabilities exist because ... Read more
Affected Products : identity_services_engine- Published: Jul. 08, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-1606
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user. These vulnerabilities exist because ... Read more
Affected Products : identity_services_engine- Published: Jul. 08, 2021
- Modified: Nov. 21, 2024