Export limit exceeded: 364818 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364818 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364818 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-30651 | 1 Broadcom | 1 Symantec Messaging Gateway | 2024-11-21 | 4.9 Medium |
| A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access. | ||||
| CVE-2021-30650 | 1 Broadcom | 1 Layer7 Api Management Oauth Toolkit | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK) allows a remote attacker to craft a malicious URL for the OTK web UI and target OTK users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious code into the OTK web UI client application. | ||||
| CVE-2021-30648 | 1 Broadcom | 15 Symantec Advanced Secure Gateway 500-10, Symantec Advanced Secure Gateway 500-10 Firmware, Symantec Advanced Secure Gateway S200-30 and 12 more | 2024-11-21 | 9.8 Critical |
| The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance. | ||||
| CVE-2021-30642 | 1 Symantec | 1 Security Analytics | 2024-11-21 | 9.8 Critical |
| An input validation flaw in the Symantec Security Analytics web UI 7.2 prior 7.2.7, 8.1, prior to 8.1.3-NSR3, 8.2, prior to 8.2.1-NSR2 or 8.2.2 allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with elevated privileges. | ||||
| CVE-2021-30641 | 5 Apache, Debian, Fedoraproject and 2 more | 8 Http Server, Debian Linux, Fedora and 5 more | 2024-11-21 | 5.3 Medium |
| Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' | ||||
| CVE-2021-30640 | 4 Apache, Debian, Oracle and 1 more | 10 Tomcat, Debian Linux, Communications Cloud Native Core Policy and 7 more | 2024-11-21 | 6.5 Medium |
| A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65. | ||||
| CVE-2021-30639 | 3 Apache, Mcafee, Oracle | 3 Tomcat, Epolicy Orchestrator, Big Data Spatial And Graph | 2024-11-21 | 7.5 High |
| A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future requests handled by that request object would fail. Users were able to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating the possibility of triggering a DoS. Applications that do not use non-blocking I/O are not exposed to this vulnerability. This issue affects Apache Tomcat 10.0.3 to 10.0.4; 9.0.44; 8.5.64. | ||||
| CVE-2021-30638 | 1 Apache | 1 Tapestry | 2024-11-21 | 7.5 High |
| Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to Apache Tapestry 5.6.3; Apache Tapestry 5.7.0 version and Apache Tapestry 5.7.1. | ||||
| CVE-2021-30637 | 1 Htmly | 1 Htmly | 2024-11-21 | 5.4 Medium |
| htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php. | ||||
| CVE-2021-30636 | 1 Mediatek | 1 Linkit Software Development Kit | 2024-11-21 | 9.8 Critical |
| In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc. | ||||
| CVE-2021-30635 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | 5.3 Medium |
| Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed). | ||||
| CVE-2021-30630 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 4.3 Medium |
| Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2021-30629 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 8.8 High |
| Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-30628 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 8.8 High |
| Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. | ||||
| CVE-2021-30627 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 8.8 High |
| Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-30626 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 8.8 High |
| Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-30625 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 8.8 High |
| Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a malicious website to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-30624 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2024-11-21 | 8.8 High |
| Chromium: CVE-2021-30624 Use after free in Autofill | ||||
| CVE-2021-30623 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2024-11-21 | 8.8 High |
| Chromium: CVE-2021-30623 Use after free in Bookmarks | ||||
| CVE-2021-30622 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2024-11-21 | 8.8 High |
| Chromium: CVE-2021-30622 Use after free in WebApp Installs | ||||