Search Results (363281 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-30651 1 Broadcom 1 Symantec Messaging Gateway 2024-11-21 4.9 Medium
A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access.
CVE-2021-30650 1 Broadcom 1 Layer7 Api Management Oauth Toolkit 2024-11-21 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK) allows a remote attacker to craft a malicious URL for the OTK web UI and target OTK users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious code into the OTK web UI client application.
CVE-2021-30648 1 Broadcom 15 Symantec Advanced Secure Gateway 500-10, Symantec Advanced Secure Gateway 500-10 Firmware, Symantec Advanced Secure Gateway S200-30 and 12 more 2024-11-21 9.8 Critical
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance.
CVE-2021-30642 1 Symantec 1 Security Analytics 2024-11-21 9.8 Critical
An input validation flaw in the Symantec Security Analytics web UI 7.2 prior 7.2.7, 8.1, prior to 8.1.3-NSR3, 8.2, prior to 8.2.1-NSR2 or 8.2.2 allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with elevated privileges.
CVE-2021-30641 5 Apache, Debian, Fedoraproject and 2 more 8 Http Server, Debian Linux, Fedora and 5 more 2024-11-21 5.3 Medium
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'
CVE-2021-30640 4 Apache, Debian, Oracle and 1 more 10 Tomcat, Debian Linux, Communications Cloud Native Core Policy and 7 more 2024-11-21 6.5 Medium
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.
CVE-2021-30639 3 Apache, Mcafee, Oracle 3 Tomcat, Epolicy Orchestrator, Big Data Spatial And Graph 2024-11-21 7.5 High
A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future requests handled by that request object would fail. Users were able to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating the possibility of triggering a DoS. Applications that do not use non-blocking I/O are not exposed to this vulnerability. This issue affects Apache Tomcat 10.0.3 to 10.0.4; 9.0.44; 8.5.64.
CVE-2021-30638 1 Apache 1 Tapestry 2024-11-21 7.5 High
Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to Apache Tapestry 5.6.3; Apache Tapestry 5.7.0 version and Apache Tapestry 5.7.1.
CVE-2021-30637 1 Htmly 1 Htmly 2024-11-21 5.4 Medium
htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php.
CVE-2021-30636 1 Mediatek 1 Linkit Software Development Kit 2024-11-21 9.8 Critical
In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc.
CVE-2021-30635 1 Sonatype 1 Nexus Repository Manager 2024-11-21 5.3 Medium
Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed).
CVE-2021-30630 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 4.3 Medium
Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
CVE-2021-30629 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30628 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.
CVE-2021-30627 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30626 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30625 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a malicious website to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30624 2 Fedoraproject, Microsoft 3 Fedora, Edge, Edge Chromium 2024-11-21 8.8 High
Chromium: CVE-2021-30624 Use after free in Autofill
CVE-2021-30623 2 Fedoraproject, Microsoft 3 Fedora, Edge, Edge Chromium 2024-11-21 8.8 High
Chromium: CVE-2021-30623 Use after free in Bookmarks
CVE-2021-30622 2 Fedoraproject, Microsoft 3 Fedora, Edge, Edge Chromium 2024-11-21 8.8 High
Chromium: CVE-2021-30622 Use after free in WebApp Installs