Export limit exceeded: 364976 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364976 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-22917 1 Brave 1 Browser 2024-11-21 6.5 Medium
Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled.
CVE-2021-22916 1 Brave 1 Brave 2024-11-21 5.9 Medium
In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension's proxy settings, resulting in possible information disclosure.
CVE-2021-22915 2 Fedoraproject, Nextcloud 2 Fedora, Nextcloud Server 2024-11-21 9.8 Critical
Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an attacker bypassing rate-limit controls such as the Nextcloud brute-force protection.
CVE-2021-22914 1 Citrix 1 Cloud Connector 2024-11-21 7.5 High
Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer.
CVE-2021-22913 1 Nextcloud 1 Deck 2024-11-21 6.5 Medium
Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user.
CVE-2021-22912 1 Nextcloud 1 Nextcloud 2024-11-21 6.5 Medium
Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user.
CVE-2021-22911 1 Rocket.chat 1 Rocket.chat 2024-11-21 9.8 Critical
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.
CVE-2021-22910 1 Rocket.chat 1 Rocket.chat 2024-11-21 9.8 Critical
A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE.
CVE-2021-22909 1 Ui 2 Edgemax Edgerouter, Edgemax Edgerouter Firmware 2024-11-21 7.5 High
A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to execute a man-in-the-middle (MitM) attack during a firmware update. This vulnerability is fixed in EdgeMAX EdgeRouter V2.0.9-hotfix.1 and later.
CVE-2021-22908 2 Ivanti, Pulsesecure 2 Connect Secure, Pulse Connect Secure 2024-11-21 8.8 High
A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default.
CVE-2021-22907 1 Citrix 1 Workspace 2024-11-21 7.8 High
An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4.
CVE-2021-22906 1 Nextcloud 1 End-to-end Encryption 2024-11-21 6.5 Medium
Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users.
CVE-2021-22905 1 Nextcloud 1 Nextcloud 2024-11-21 6.5 Medium
Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user.
CVE-2021-22904 2 Redhat, Rubyonrails 2 Satellite, Rails 2024-11-21 7.5 High
The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication.
CVE-2021-22903 1 Rubyonrails 1 Rails 2024-11-21 6.1 Medium
The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, `config.hosts << "sub.example.com"` to permit a request with a Host header value of `sub-example.com`.
CVE-2021-22902 2 Redhat, Rubyonrails 2 Satellite, Rails 2024-11-21 7.5 High
The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine.
CVE-2021-22901 6 Haxx, Netapp, Oracle and 3 more 35 Curl, Active Iq Unified Manager, Cloud Backup and 32 more 2024-11-21 8.1 High
curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.
CVE-2021-22896 1 Nextcloud 1 Nextcloud 2024-11-21 4.3 Medium
Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users.
CVE-2021-22895 2 Debian, Nextcloud 2 Debian Linux, Desktop 2024-11-21 5.9 Medium
Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow.
CVE-2021-22892 1 Rocket.chat 1 Rocket.chat 2024-11-21 7.5 High
An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 & v3.11.3 that allowed email addresses to be disclosed by enumeration and validation checks.