Search Results (363984 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-31923 1 Pingidentity 1 Pingaccess 2024-11-21 5.3 Medium
Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation.
CVE-2021-31922 1 Pulsesecure 1 Virtual Traffic Manager 2024-11-21 7.5 High
An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3.
CVE-2021-31921 2 Istio, Redhat 2 Istio, Service Mesh 2024-11-21 9.8 Critical
Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a gateway is configured with AUTO_PASSTHROUGH routing configuration.
CVE-2021-31920 2 Istio, Redhat 2 Istio, Service Mesh 2024-11-21 6.5 Medium
Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used.
CVE-2021-31919 1 Rkyv Project 1 Rkyv 2024-11-21 7.5 High
An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct.
CVE-2021-31918 1 Redhat 1 Openstack 2024-11-21 7.5 High
A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. The Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to data confidentiality.
CVE-2021-31917 2 Infinispan, Redhat 3 Infinispan-server-rest, Data Grid, Jboss Data Grid 2024-11-21 9.8 Critical
A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-31916 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2024-11-21 6.7 Medium
An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
CVE-2021-31915 1 Jetbrains 1 Teamcity 2024-11-21 9.8 Critical
In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.
CVE-2021-31914 2 Jetbrains, Microsoft 2 Teamcity, Windows 2024-11-21 9.8 Critical
In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.
CVE-2021-31913 1 Jetbrains 1 Teamcity 2024-11-21 7.5 High
In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange.
CVE-2021-31912 1 Jetbrains 1 Teamcity 2024-11-21 8.8 High
In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset.
CVE-2021-31911 1 Jetbrains 1 Teamcity 2024-11-21 6.1 Medium
In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages.
CVE-2021-31910 1 Jetbrains 1 Teamcity 2024-11-21 7.5 High
In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible.
CVE-2021-31909 1 Jetbrains 1 Teamcity 2024-11-21 9.8 Critical
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.
CVE-2021-31908 1 Jetbrains 1 Teamcity 2024-11-21 5.4 Medium
In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages.
CVE-2021-31907 1 Jetbrains 1 Teamcity 2024-11-21 5.3 Medium
In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly.
CVE-2021-31906 1 Jetbrains 1 Teamcity 2024-11-21 2.7 Low
In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file.
CVE-2021-31905 1 Jetbrains 1 Youtrack 2024-11-21 7.5 High
In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible.
CVE-2021-31904 1 Jetbrains 1 Teamcity 2024-11-21 6.1 Medium
In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page.