Latest CVE Feed
-
9.8
CRITICALCVE-2021-47548
In the Linux kernel, the following vulnerability has been resolved: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() The if statement: if (port >= DSAF_GE_NUM) return; limits the value of po... Read more
Affected Products : linux_kernel- Published: May. 24, 2024
- Modified: Apr. 01, 2025
-
9.8
CRITICALCVE-2021-45707
An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups.... Read more
Affected Products : nix- EPSS Score: %0.51
- Published: Dec. 27, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-43300
Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.... Read more
- EPSS Score: %0.41
- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-42377
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare... Read more
Affected Products : fedora cloud_backup hci_management_node solidfire h300s_firmware h500s_firmware h700s_firmware h410s_firmware busybox h300s +9 more products- EPSS Score: %1.86
- Published: Nov. 15, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-41842
An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH2O. Code execution can occur because the SMI handler la... Read more
Affected Products : insydeh2o- EPSS Score: %1.22
- Published: Jan. 06, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-3942
Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR.... Read more
Affected Products : laserjet_managed_flow_mfp_e52545c_firmware pagewide_managed_color_flow_mfp_e58650z_firmware pagewide_managed_color_flow_mfp_e77660z_firmware pagewide_pro_577dw_d3q21a_firmware pagewide_pro_477dn_d3q19a_firmware pagewide_pro_477dw_d3q20a_firmware pagewide_377dw_j9v80a_firmware officejet_pro_6960_j7k33a_firmware officejet_pro_6960_t0f30a_firmware officejet_pro_6960_t0f32a_firmware +5390 more products- EPSS Score: %4.43
- Published: Dec. 12, 2022
- Modified: Apr. 25, 2025
-
9.8
CRITICALCVE-2021-3773
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.... Read more
- EPSS Score: %0.48
- Published: Feb. 16, 2022
- Modified: Mar. 28, 2025
-
9.8
CRITICALCVE-2021-3520
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The gre... Read more
- EPSS Score: %0.13
- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-34578
This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.... Read more
- EPSS Score: %0.34
- Published: Aug. 31, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33912
libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf ... Read more
- EPSS Score: %1.35
- Published: Jan. 19, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33757
Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +9 more products- EPSS Score: %0.99
- Published: Jul. 14, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33574
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a de... Read more
Affected Products : fedora debian_linux solidfire_baseboard_management_controller_firmware cloud_backup e-series_santricity_os_controller h300s_firmware h500s_firmware h700s_firmware h410s_firmware glibc +10 more products- EPSS Score: %0.13
- Published: May. 25, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33388
dpic 2021.04.10 has a Heap Buffer Overflow in themakevar() function in dpic.y... Read more
Affected Products : dpic- EPSS Score: %0.16
- Published: Aug. 22, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33204
In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not set.... Read more
Affected Products : pg_partman- EPSS Score: %1.05
- Published: May. 19, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-4338
An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.... Read more
- EPSS Score: %0.47
- Published: Jan. 10, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-30474
aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free.... Read more
Affected Products : aomedia- EPSS Score: %0.17
- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-30164
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.... Read more
- EPSS Score: %0.21
- Published: Apr. 06, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-29998
An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.... Read more
Affected Products : scalance_x408_firmware scalance_x300_firmware vxworks scalance_x201-3p_irt_firmware scalance_x201-3p_irt_pro_firmware scalance_x202-2p_irt_firmware scalance_x202-2p_irt_pro_firmware scalance_xf201-3p_irt_firmware scalance_xf202-2p_irt_firmware scalance_xf204-2ba_irt_firmware +61 more products- EPSS Score: %1.19
- Published: Apr. 13, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-28967
The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings.... Read more
- EPSS Score: %0.56
- Published: Mar. 24, 2021
- Modified: Jul. 08, 2025
-
9.8
CRITICALCVE-2021-28804
A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4... Read more
- EPSS Score: %1.06
- Published: Jul. 01, 2021
- Modified: Nov. 21, 2024