Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-38447 | 1 Objectcomputing | 1 Opendds | 2022-05-12 | 4.3 MEDIUM | 7.5 HIGH |
OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition. | |||||
CVE-2021-38435 | 1 Rti | 2 Connext Dds Professional, Connext Dds Secure | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 not correctly calculate the size when allocating the buffer, which may result in a buffer overflow. | |||||
CVE-2021-38445 | 1 Objectcomputing | 1 Opendds | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter consistent with the actual length of the associated data, which may allow an attacker to remotely execute arbitrary code. | |||||
CVE-2021-38443 | 1 Eclipse | 1 Cyclonedds | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser. | |||||
CVE-2021-38441 | 1 Eclipse | 1 Cyclonedds | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser. | |||||
CVE-2021-38439 | 1 Gurum | 1 Gurumdds | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
All versions of GurumDDS are vulnerable to heap-based buffer overflow, which may cause a denial-of-service condition or remotely execute arbitrary code. | |||||
CVE-2021-38433 | 1 Rti | 2 Connext Dds Professional, Connext Dds Secure | 2022-05-12 | 4.6 MEDIUM | 7.8 HIGH |
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code. | |||||
CVE-2021-38429 | 1 Objectcomputing | 1 Opendds | 2022-05-12 | 6.4 MEDIUM | 9.1 CRITICAL |
OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition and information exposure. | |||||
CVE-2021-38425 | 1 Eprosima | 1 Fast Dds | 2022-05-12 | 6.4 MEDIUM | 9.1 CRITICAL |
eProsima Fast DDS versions prior to 2.4.0 (#2269) are susceptible to exploitation when an attacker sends a specially crafted packet to flood a target device with unwanted traffic, which may result in a denial-of-service condition and information exposure. | |||||
CVE-2021-38423 | 1 Gurum | 1 Gurumdds | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
All versions of GurumDDS improperly calculate the size to be used when allocating the buffer, which may result in a buffer overflow. | |||||
CVE-2022-23443 | 1 Fortinet | 1 Fortisoar | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests. | |||||
CVE-2021-43206 | 1 Fortinet | 2 Fortios, Fortiproxy | 2022-05-12 | 4.3 MEDIUM | 4.3 MEDIUM |
A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages. | |||||
CVE-2022-20748 | 1 Cisco | 1 Firepower Threat Defense | 2022-05-12 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability in the local malware analysis process of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to insufficient error handling in the local malware analysis process of an affected device. An attacker could exploit this vulnerability by sending a crafted file through the device. A successful exploit could allow the attacker to cause the local malware analysis process to crash, which could result in a DoS condition. Notes: Manual intervention may be required to recover from this situation. Malware cloud lookup and dynamic analysis will not be impacted. | |||||
CVE-2022-20746 | 1 Cisco | 1 Firepower Threat Defense | 2022-05-12 | 7.1 HIGH | 7.5 HIGH |
A vulnerability in the TCP proxy functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper handling of TCP flows. An attacker could exploit this vulnerability by sending a crafted stream of TCP traffic through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | |||||
CVE-2022-20745 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2022-05-12 | 7.8 HIGH | 7.5 HIGH |
A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | |||||
CVE-2022-20742 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2022-05-12 | 5.8 MEDIUM | 7.4 HIGH |
A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel. This vulnerability is due to an improper implementation of Galois/Counter Mode (GCM) ciphers. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting a sufficient number of encrypted messages across an affected IPsec IKEv2 VPN tunnel and then using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to decrypt, read, modify, and re-encrypt data that is transmitted across an affected IPsec IKEv2 VPN tunnel. | |||||
CVE-2022-20737 | 1 Cisco | 1 Adaptive Security Appliance Software | 2022-05-12 | 7.0 HIGH | 7.1 HIGH |
A vulnerability in the handler for HTTP authentication for resources accessed through the Clientless SSL VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device or to obtain portions of process memory from an affected device. This vulnerability is due to insufficient bounds checking when parsing specific HTTP authentication messages. An attacker could exploit this vulnerability by sending malicious traffic to an affected device acting as a VPN Gateway. To send this malicious traffic, an attacker would need to control a web server that can be accessed through the Clientless SSL VPN portal. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition, or to retrieve bytes from the device process memory that may contain sensitive information. | |||||
CVE-2022-20757 | 1 Cisco | 1 Firepower Threat Defense | 2022-05-12 | 4.3 MEDIUM | 7.5 HIGH |
A vulnerability in the connection handling function in Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper traffic handling when platform limits are reached. An attacker could exploit this vulnerability by sending a high rate of UDP traffic through an affected device. A successful exploit could allow the attacker to cause all new, incoming connections to be dropped, resulting in a DoS condition. | |||||
CVE-2022-29263 | 1 F5 | 2 Access Policy Manager Clients, Big-ip Access Policy Manager | 2022-05-12 | 4.6 MEDIUM | 7.8 HIGH |
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, the BIG-IP Edge Client Component Installer Service does not use best practice while saving temporary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
CVE-2022-29479 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2022-05-12 | 5.0 MEDIUM | 5.3 MEDIUM |
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, when an IPv6 self IP address is configured and the ipv6.strictcompliance database key is enabled (disabled by default) on a BIG-IP system, undisclosed packets may cause decreased performance. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |