The product does not properly verify that the source of data or communication is valid.
556 vulnerabilities with CWE-346
CVE-2021-26737
MEDIUM
Zscaler Client Connector < 3.6 - Unauthenticated Denial of Service via RPC Client Validation Race Condition
CVSS 5.5
CVE-2021-26735
MEDIUM
Zscaler Client Connector < 3.6 - Unquoted Search Path Privilege Escalation
CVSS 6.7
CVE-2021-33959
HIGH
Plex Media Server < 1.21 - Denial of Service via DDoS Reflection Attack
CVSS 7.5
CVE-2021-32985
HIGH
AVEVA System Platform < 2020 R2 P01 - Info Disclosure
CVSS 7.2
CVE-2021-46701
HIGH
PreMiD 2.2.0 - Unauthenticated WebSocket Event Interception
CVSS 7.2
CVE-2021-44458
HIGH
Mirantis Lens < 5.2.6 - Unauthenticated Remote Code Execution via WebSocket Terminal Feature
CVSS 8.3
CVE-2021-45441
HIGH
Trend Micro Apex One - Privilege Escalation via Pipe Command Injection
CVSS 7.8
CVE-2021-4024
MEDIUM
Podman < 3.4.3 - gvproxy API Exposure Allows Host-to-VM Port Forwarding
CVSS 6.5
CVE-2021-44935
CRITICAL
glFusion CMS v1.7.9 - Arbitrary User Impersonation via Comment Endpoint
CVSS 9.1
CVE-2021-39063
CRITICAL
IBM Spectrum Protect Plus 10.1.0-10.1.8.x - Origin Validation Error via CORS Misconfiguration
CVSS 9.1
CVE-2021-43531
MEDIUM
Firefox < 94.0 - Origin Validation Error via Web Extension Context Menu
CVSS 4.3
CVE-2021-38507
MEDIUM
HTTP2 Opportunistic Encryption - SSRF
CVSS 6.5
CVE-2021-38497
MEDIUM
Firefox < 93, Thunderbird < 91.2, Firefox ESR < 91.2 - CSRF
CVSS 6.5
CVE-2021-41158
MEDIUM
FreeSWITCH < 1.10.7 - Info Disclosure
CVSS 5.8
CVE-2021-37967
MEDIUM
Google Chrome < 94.0.4606.54 - Cross-Origin Data Leak via Background Fetch API
CVSS 4.3
CVE-2021-37966
MEDIUM
Google Chrome < 94.0.4606.54 - URL Spoofing via Omnibox Manipulation
CVSS 4.3
CVE-2021-30630
MEDIUM
Google Chrome < 93.0.4577.82 - Info Disclosure
CVSS 4.3
CVE-2021-41088
HIGH
Elvish < 0.14.0 - Origin Validation Error in Web UI Backend
CVSS 8.0
CVE-2021-39185
CRITICAL
http4s < 0.21.27, 0.22.0-0.22.2, 0.23.0-0.23.1, 1.0.0-M1-1.0.0-M24 - Origin Validation Error in CORS Configuration
CVSS 9.1
CVE-2021-34435
HIGH
Eclipse Theia 0.3.9-1.8.1 - Remote Code Execution via Mini-Browser HTML Preview
CVSS 8.8
CVE-2021-39175
HIGH
HedgeDoc < 1.9.0 - Unauthenticated Cross-Site Scripting via Slide Mode Speaker Notes
CVSS 8.1
CVE-2021-30596
MEDIUM
Google Chrome < 92.0.4515.131 - Unauthenticated URL Spoofing via Omnibox Manipulation
CVSS 4.3
CVE-2021-39270
HIGH
Ping Identity RSA SecurID Integration Kit < 3.2 - User Impersonation via Origin Validation Error
CVSS 7.5
CVE-2021-37705
CRITICAL
OneFuzz 2.12.0-2.31.0 - Authenticated Origin Validation Error via Multi-Tenant Domain Configuration
CVSS 10.0
CVE-2021-21229
MEDIUM
Google Chrome < 90.0.4430.93 - Domain Spoofing via Download Security UI
CVSS 6.5