• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-862

CVE-2021-32504

February 23, 2023 by

Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the system.

CVE-2021-32095

February 23, 2023 by

U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to delete arbitrary files.

CVE-2021-32172

February 23, 2023 by

Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the Elfinder plugin.

CVE-2021-32015

February 23, 2023 by

In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high privileges could potentially gain unauthorized access to TPM non-volatile memory. NOTE: Upgrading to firmware version 7.4.0.1 will mitigate against the vulnerability, but version 7.4.0.1 is not TCG or Common Criteria (CC) certified. Nuvoton recommends that users apply the NPCT75x TPM 1.2 firmware update.

CVE-2021-32093

February 23, 2023 by

The ConfigFileAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to read arbitrary files via the ConfigName parameter.

CVE-2021-31921

February 23, 2023 by

Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a gateway is configured with AUTO_PASSTHROUGH routing configuration.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 110
  • Go to page 111
  • Go to page 112
  • Go to page 113
  • Go to page 114
  • Interim pages omitted …
  • Go to page 211
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE