CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 5 and 5.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
3001 CVE-2021-32566 20 2021-06-30 2021-09-20
5.0
None Remote Low Not required None None Partial
Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
3002 CVE-2021-32565 444 2021-06-29 2021-09-20
5.0
None Remote Low Not required None Partial None
Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
3003 CVE-2021-32558 74 2021-07-30 2021-11-28
5.0
None Remote Low Not required None None Partial
An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur.
3004 CVE-2021-32545 20 DoS 2022-01-15 2022-01-21
5.0
None Remote Low Not required None None Partial
Pexip Infinity before 26 allows remote denial of service because of missing RTMP input validation.
3005 CVE-2021-32543 287 2021-05-28 2022-05-27
5.5
None Remote Low ??? Partial Partial None
The CTS Web transaction system related to authentication management is implemented incorrectly. After login, remote attackers can manipulate cookies to access other accounts and trade in the stock market with spoofed identity.
3006 CVE-2021-32541 287 2021-05-28 2022-06-03
5.0
None Remote Low Not required None None Partial
The CTS Web transaction system related to authentication and session management is implemented incorrectly, which allows remote unauthenticated attackers to send a large number of valid usernames and force those logged-in accounts to log out, causing the users to be unable to access the services.
3007 CVE-2021-32532 22 Dir. Trav. 2021-07-07 2021-09-20
5.0
None Remote Low Not required Partial None None
Path traversal vulnerability in back-end analysis function in QSAN XEVO allows remote attackers to download arbitrary files without permissions. The referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0.
3008 CVE-2021-32528 +Info 2021-07-07 2021-09-20
5.0
None Remote Low Not required Partial None None
Observable behavioral discrepancy vulnerability in QSAN Storage Manager allows remote attackers to obtain the system information without permissions. Suggest contacting with QSAN and refer to recommendations in QSAN Document.
3009 CVE-2021-32527 22 Dir. Trav. 2021-07-07 2021-09-20
5.0
None Remote Low Not required Partial None None
Path traversal vulnerability in QSAN Storage Manager allows remote unauthenticated attackers to download arbitrary files thru injecting file path in download function. Suggest contacting with QSAN and refer to recommendations in QSAN Document.
3010 CVE-2021-32522 307 2021-07-07 2021-09-20
5.0
None Remote Low Not required Partial None None
Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to discover users’ credentials and obtain access via a brute force attack. Suggest contacting with QSAN and refer to recommendations in QSAN Document.
3011 CVE-2021-32519 916 2021-07-07 2021-09-20
5.0
None Remote Low Not required Partial None None
Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-text password by brute-forcing the MD5 hash. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.2, QSAN XEVO v2.1.0, and QSAN SANOS v2.1.0.
3012 CVE-2021-32518 59 2021-07-07 2022-07-02
5.0
None Remote Low Not required Partial None None
A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a symbolic link then access arbitrary files. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.
3013 CVE-2021-32517 2021-07-07 2022-08-04
5.0
None Remote Low Not required Partial None None
Improper access control vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files using particular parameter in download function. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.
3014 CVE-2021-32516 22 Dir. Trav. 2021-07-07 2021-09-20
5.0
None Remote Low Not required Partial None None
Path traversal vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.
3015 CVE-2021-32515 548 2021-07-07 2021-09-20
5.0
None Remote Low Not required Partial None None
Directory listing vulnerability in share_link in QSAN Storage Manager allows attackers to list arbitrary directories and further access credential information. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.
3016 CVE-2021-32514 2021-07-07 2022-08-04
5.0
None Remote Low Not required None None Partial
Improper access control vulnerability in FirmwareUpgrade in QSAN Storage Manager allows remote attackers to reboot and discontinue the device. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.
3017 CVE-2021-32499 74 2021-12-17 2022-07-12
5.0
None Remote Low Not required None Partial None
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable.
3018 CVE-2021-32483 2021-11-08 2022-07-12
5.0
None Remote Low Not required Partial None None
Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted Dashboard.
3019 CVE-2021-32476 770 2022-03-11 2022-08-04
5.0
None Remote Low Not required None None Partial
A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.
3020 CVE-2021-32473 2022-03-11 2022-03-18
5.0
None Remote Low Not required Partial None None
It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.
3021 CVE-2021-32469 125 2021-12-26 2022-01-10
5.0
None Remote Low Not required None None Partial
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds read).
3022 CVE-2021-32468 125 2021-12-26 2022-01-10
5.0
None Remote Low Not required None None Partial
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds read).
3023 CVE-2021-32467 125 2021-12-26 2022-01-10
5.0
None Remote Low Not required None None Partial
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds read).
3024 CVE-2021-32459 798 Exec Code 2021-05-27 2021-06-07
5.5
None Remote Low ??? Partial Partial None
Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnerability in the log collection server which could allow an attacker to use a specially crafted network request to lead to arbitrary authentication. An attacker must first obtain the ability to execute high-privileged code on the target device in order to exploit this vulnerability.
3025 CVE-2021-32454 798 2021-05-17 2021-05-25
5.8
None Local Network Low Not required Partial Partial Partial
SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. An attacker with access to the device could modify these credentials, leaving the administrators of the device without access.
3026 CVE-2021-32122 352 CSRF 2021-08-11 2021-08-19
5.4
None Local Network Medium Not required Partial Partial Partial
Certain NETGEAR devices are affected by CSRF. This affects EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, and EX6130 before 1.0.0.44.
3027 CVE-2021-32095 862 2021-05-07 2021-05-12
5.5
None Remote Low ??? None Partial Partial
U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to delete arbitrary files.
3028 CVE-2021-32077 2021-05-06 2022-07-12
5.0
None Remote Low Not required Partial None None
Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number (SSN) values via a brute-force attack on a (sometimes hidden) search field, because the last four SSN digits are part of the supported combination of search selectors. This discloses doctors' and nurses' social security numbers and PII.
3029 CVE-2021-32076 290 Bypass 2021-08-26 2021-09-23
5.0
None Remote Low Not required Partial None None
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.
3030 CVE-2021-32074 532 +Info 2021-05-07 2021-05-14
5.0
None Remote Low Not required Partial None None
HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows attackers to obtain sensitive information from log files because a multi-line secret was not correctly registered with GitHub Actions for log masking.
3031 CVE-2021-32070 1021 2021-08-13 2021-08-23
5.8
None Remote Medium Not required Partial Partial None
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. A successful exploit could allow an attacker to modify the browser header and redirect users.
3032 CVE-2021-32069 295 2021-08-13 2021-08-23
5.8
None Remote Medium Not required Partial Partial None
The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation. A successful exploit could allow an attacker to view and modify data.
3033 CVE-2021-32066 326 Bypass 2021-08-01 2022-05-10
5.8
None Remote Medium Not required Partial Partial None
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
3034 CVE-2021-32062 22 Dir. Trav. 2021-05-06 2022-07-12
5.0
None Remote Low Not required None Partial None
MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI).
3035 CVE-2021-32061 22 Dir. Trav. 2021-11-29 2021-11-29
5.0
None Remote Low Not required None Partial None
S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket, as demonstrated by a <Key>../ substring in a ListBucketResult element.
3036 CVE-2021-32055 125 2021-05-05 2021-06-01
5.8
None Remote Medium Not required Partial None Partial
Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default.
3037 CVE-2021-32053 400 2021-05-10 2021-05-19
5.0
None Remote Low Not required None None Partial
JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e.g., disable access to the database after the attack stops) via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are many simultaneous history requests.
3038 CVE-2021-32051 89 Sql 2021-05-14 2021-05-21
5.0
None Remote Low Not required Partial None None
Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via the GiPWorkflow/Service/DownloadPublicFile id parameter.
3039 CVE-2021-32040 787 Overflow 2022-04-12 2022-06-09
5.0
None Remote Low Not required None None Partial
It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS attack. This vulnerability affects MongoDB versions prior to 5.0.4, 4.4.11, 4.2.16.
3040 CVE-2021-32036 770 DoS 2022-02-04 2022-02-09
5.5
None Remote Low ??? None Partial Partial
An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions.
3041 CVE-2021-32032 401 2021-05-21 2021-05-27
5.0
None Remote Low Not required None None Partial
In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak.
3042 CVE-2021-32004 2021-11-22 2021-11-24
5.0
None Remote Low Not required None Partial None
This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning.
3043 CVE-2021-31996 415 2021-05-03 2021-05-11
5.0
None Remote Low Not required None None Partial
An issue was discovered in the algorithmica crate through 2021-03-07 for Rust. There is a double free in merge_sort::merge().
3044 CVE-2021-31987 Bypass 2021-10-05 2022-07-12
5.1
None Remote High Not required Partial Partial Partial
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients.
3045 CVE-2021-31977 119 DoS Overflow 2021-06-08 2021-06-14
5.0
None Remote Low Not required None None Partial
Windows Hyper-V Denial of Service Vulnerability
3046 CVE-2021-31974 DoS 2021-06-08 2021-06-11
5.0
None Remote Low Not required None None Partial
Server for NFS Denial of Service Vulnerability
3047 CVE-2021-31968 DoS 2021-06-08 2021-06-11
5.0
None Remote Low Not required None None Partial
Windows Remote Desktop Services Denial of Service Vulnerability
3048 CVE-2021-31964 2021-06-08 2021-06-15
5.5
None Remote Low ??? Partial Partial None
Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-31948, CVE-2021-31950.
3049 CVE-2021-31957 DoS 2021-06-08 2021-07-07
5.0
None Remote Low Not required None None Partial
ASP.NET Denial of Service Vulnerability
3050 CVE-2021-31950 918 2021-06-08 2021-06-15
5.5
None Remote Low ??? Partial Partial None
Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-31948, CVE-2021-31964.
Total number of vulnerabilities: 22711. Page 61 of 455.