Selection:
XSS CSRF Privilege Buffer Remote Stack
CVE ID Name Status References
CVE-2021-3475

There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.

Assigned (20210329)

GENTOO:GLSA-202107-27 | URL:https://security.gentoo.org/glsa/202107-27 | MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297 | URL:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1939144 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1939144 | MLIST:[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update | URL:https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html | MLIST:[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update | URL:https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html

CVE-2021-34754

Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. These vulnerabilities are due to incomplete processing during deep packet inspection for ENIP packets. An attacker could exploit these vulnerabilities by sending a crafted ENIP packet to the targeted interface. A successful exploit could allow the attacker to bypass configured access control and intrusion policies that should be activated for the ENIP packet.

Assigned (20210615)

CISCO:20211027 Cisco Firepower Threat Defense Software Ethernet Industrial Protocol Policy Bypass Vulnerabilities | URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-enip-bypass-eFsxd8KP

CVE-2021-34755

Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.

Assigned (20210615)

CISCO:20211027 Cisco Firepower Threat Defense Software Command Injection Vulnerabilities | URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8

CVE-2021-34756

Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.

Assigned (20210615)

CISCO:20211027 Cisco Firepower Threat Defense Software Command Injection Vulnerabilities | URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8

CVE-2021-34757

Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.

Assigned (20210615)

CISCO:20211006 Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities | URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX

CVE-2021-34758

A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient access controls to a shared memory resource. An attacker could exploit this vulnerability by corrupting a shared memory segment on an affected device. A successful exploit could allow the attacker to cause the device to reload. The device will recover from the corruption upon reboot.

Assigned (20210615)

CISCO:20211006 Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service Vulnerability | URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tpce-rmos-mem-dos-rck56tT

CVE-2021-34759

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need valid administrative credentials.

Assigned (20210615)

CISCO:20210901 Cisco Identity Services Engine Cross-Site Scripting Vulnerability | URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-4HnZFewr


Page created:

CVE year by year statistics.

CVE year statistics by common vulnerability domain.

Latest data from: 2024-03-25