Total
10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34756 | 1 Cisco | 3 Firepower Management Center Virtual Appliance, Firepower Threat Defense, Sourcefire Defense Center | 2023-11-07 | 7.2 HIGH | 7.8 HIGH |
| Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-34755 | 1 Cisco | 3 Firepower Management Center Virtual Appliance, Firepower Threat Defense, Sourcefire Defense Center | 2023-11-07 | 7.2 HIGH | 7.8 HIGH |
| Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-34736 | 1 Cisco | 23 Ucs C125 M5, Ucs C220 M3, Ucs C220 M4 and 20 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause the interface to restart, resulting in a denial of service (DoS) condition. | |||||
| CVE-2021-34714 | 1 Cisco | 225 Firepower 4100, Firepower 4110, Firepower 4112 and 222 more | 2023-11-07 | 5.7 MEDIUM | 7.4 HIGH |
| A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This vulnerability is due to improper input validation of the UDLD packets. An attacker could exploit this vulnerability by sending specifically crafted UDLD packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. An attacker must have full control of a directly connected device. On Cisco IOS XR devices, the impact is limited to the reload of the UDLD process. | |||||
| CVE-2021-33620 | 3 Debian, Fedoraproject, Squid-cache | 3 Debian Linux, Fedora, Squid | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server. | |||||
| CVE-2021-32642 | 2 Fedoraproject, Uninett | 2 Fedora, Radsecproxy | 2023-11-07 | 7.5 HIGH | 9.4 CRITICAL |
| radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Missing input validation in radsecproxy's `naptr-eduroam.sh` and `radsec-dynsrv.sh` scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Information disclosure, Denial of Service, Redirection of Radius connection to a non-authenticated server leading to non-authenticated network access. Updated example scripts are available in the master branch and 1.9 release. Note that the scripts are not part of the installation package and are not updated automatically. If you are using the examples, you have to update them manually. The dyndisc scripts work independently of the radsecproxy code. The updated scripts can be used with any version of radsecproxy. | |||||
| CVE-2021-30917 | 1 Apple | 7 Ipad Os, Ipados, Iphone Os and 4 more | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2021-30881 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Unpacking a maliciously crafted archive may lead to arbitrary code execution. | |||||
| CVE-2021-30862 | 1 Apple | 1 Itunes U | 2023-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue is fixed in iTunes U 3.8.3. Processing a maliciously crafted URL may lead to arbitrary javascript code execution. | |||||
| CVE-2021-30589 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-11-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link. | |||||
| CVE-2021-29468 | 1 Cygwin | 1 Git | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file name may cause just-checked out code to be executed while checking out a repository using Git on Cygwin. The problem will be patched in the Cygwin Git v2.31.1-2 release. At time of writing, the vulnerability is present in the upstream Git source code; any Cygwin user who compiles Git for themselves from upstream sources should manually apply a patch to mitigate the vulnerability. As mitigation users should not clone or pull from repositories from untrusted sources. CVE-2019-1354 was an equivalent vulnerability in Git for Visual Studio. | |||||
| CVE-2021-29425 | 4 Apache, Debian, Netapp and 1 more | 60 Commons Io, Debian Linux, Active Iq Unified Manager and 57 more | 2023-11-07 | 5.8 MEDIUM | 4.8 MEDIUM |
| In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. | |||||
| CVE-2021-28655 | 1 Apache | 1 Zeppelin | 2023-11-07 | N/A | 6.5 MEDIUM |
| The improper Input Validation vulnerability in "”Move folder to Trash” feature of Apache Zeppelin allows an attacker to delete the arbitrary files. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions. | |||||
| CVE-2021-28547 | 3 Adobe, Apple, Microsoft | 3 Creative Cloud Desktop Application, Macos, Windows | 2023-11-07 | 4.6 MEDIUM | 7.8 HIGH |
| Adobe Creative Cloud Desktop Application for macOS version 5.3 (and earlier) is affected by a privilege escalation vulnerability that could allow a normal user to delete the OOBE directory and get permissions of any directory under the administrator authority. | |||||
| CVE-2021-27923 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. | |||||
| CVE-2021-27922 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. | |||||
| CVE-2021-27921 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. | |||||
| CVE-2021-26404 | 1 Amd | 46 Epyc 7003, Epyc 7003 Firmware, Epyc 7313 and 43 more | 2023-11-07 | N/A | 5.5 MEDIUM |
| Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure. | |||||
| CVE-2021-22827 | 1 Schneider-electric | 1 Ecostruxure Power Monitoring Expert | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22826. Affected Product: EcoStruxure� Power Monitoring Expert 9.0 and prior versions | |||||
| CVE-2021-22826 | 1 Schneider-electric | 1 Ecostruxure Power Monitoring Expert | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22827. Affected Product: EcoStruxure� Power Monitoring Expert 9.0 and prior versions | |||||