Search Results (364578 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-34816 1 Etherpad 1 Etherpad 2024-11-21 7.2 High
An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source.
CVE-2021-34815 1 Checksec 1 Canopy 2024-11-21 4.8 Medium
CheckSec Canopy before 3.5.2 allows XSS attacks against the login page via the LOGIN_PAGE_DISCLAIMER parameter.
CVE-2021-34814 1 Proofpoint 1 Spam Engine 2024-11-21 7.5 High
Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass.
CVE-2021-34813 1 Matrix 1 Olm 2024-11-21 9.8 Critical
Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution might be possible for some nonstandard build configurations.
CVE-2021-34812 1 Synology 1 Calendar 2024-11-21 5.8 Medium
Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2021-34811 1 Synology 1 Download Station 2024-11-21 5 Medium
Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors.
CVE-2021-34810 1 Synology 1 Download Station 2024-11-21 9.9 Critical
Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2021-34809 1 Synology 1 Download Station 2024-11-21 9.9 Critical
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2021-34808 1 Synology 1 Media Server 2024-11-21 5.8 Medium
Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors.
CVE-2021-34807 1 Zimbra 1 Collaboration 2024-11-21 6.1 Medium
An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL via isredirect=1&redirectURL= in conjunction with the token data (e.g., a valid authtoken= value).
CVE-2021-34805 1 Land-software 1 Faust Iserver 2024-11-21 7.5 High
An issue was discovered in FAUST iServer before 9.0.019.019.7. For each URL request, it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal.
CVE-2021-34803 2 Microsoft, Teamviewer 2 Windows, Teamviewer 2024-11-21 7.8 High
TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certain situations.
CVE-2021-34802 1 Neo4j 1 Graph Databse 2024-11-21 8.8 High
A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges.
CVE-2021-34801 1 Valine.js 1 Valine 2024-11-21 5.3 Medium
Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version.
CVE-2021-34800 1 Acronis 1 Agent 2024-11-21 7.5 High
Sensitive information could be logged. The following products are affected: Acronis Agent (Windows, Linux, macOS) before build 27147
CVE-2021-34798 9 Apache, Broadcom, Debian and 6 more 21 Http Server, Brocade Fabric Operating System Firmware, Debian Linux and 18 more 2024-11-21 7.5 High
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-34797 1 Apache 1 Geode 2024-11-21 7.5 High
Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This issue is fixed by overhauling the log file redaction in Apache Geode versions 1.12.5, 1.13.5, and 1.14.0.
CVE-2021-34795 1 Cisco 10 Catalyst Pon Switch Cgp-ont-1p, Catalyst Pon Switch Cgp-ont-1p Firmware, Catalyst Pon Switch Cgp-ont-4p and 7 more 2024-11-21 10 Critical
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2021-34794 1 Cisco 18 Adaptive Security Appliance Software, Asa 5505, Asa 5505 Firmware and 15 more 2024-11-21 5.3 Medium
A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to query SNMP data. This vulnerability is due to ineffective access control. An attacker could exploit this vulnerability by sending an SNMPv3 query to an affected device from a host that is not permitted by the SNMPv3 access control list. A successful exploit could allow the attacker to send an SNMP query to an affected device and retrieve information from the device. The attacker would need valid credentials to perform the SNMP query.
CVE-2021-34793 1 Cisco 19 Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5505 and 16 more 2024-11-21 8.6 High
A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software operating in transparent mode could allow an unauthenticated, remote attacker to poison MAC address tables, resulting in a denial of service (DoS) vulnerability. This vulnerability is due to incorrect handling of certain TCP segments when the affected device is operating in transparent mode. An attacker could exploit this vulnerability by sending a crafted TCP segment through an affected device. A successful exploit could allow the attacker to poison the MAC address tables in adjacent devices, resulting in network disruption.