Latest CVE Feed
- CVE-2021-4222 (4.8 MEDIUM)
  The WP-Paginate WordPress plugin before 2.1.4 does not sanitise and escape its preset settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed...
  Affected Products: wp-paginate
  Published: Feb. 28, 2022
  Modified: Nov. 21, 2024
- CVE-2021-4219 (5.5 MEDIUM)
  A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system....
  Affected Products: imagemagick
  Published: Mar. 23, 2022
  Modified: Nov. 21, 2024
- CVE-2021-4218 (5.5 MEDIUM)
  A flaw was found in the Linux kernel's implementation of reading the SVC RDMA counters. Reading the counter sysctl panics the system. This flaw allows a local attacker with local access to cause a denial of service while the system reboots. The issue is s...
  Affected Products: linux_kernel
  Published: Aug. 24, 2022
  Modified: Nov. 21, 2024
- CVE-2021-4217 (3.3 LOW)
  A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution....
  Published: Aug. 24, 2022
  Modified: Nov. 21, 2024
- CVE-2021-4216 (5.5 MEDIUM)
  A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream....
  Affected Products: mupdf
  Published: Aug. 26, 2022
  Modified: Nov. 21, 2024
- CVE-2021-4214 (5.5 MEDIUM)
  A heap overflow flaw was found in libpng's pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service....
  Published: Aug. 24, 2022
  Modified: Nov. 21, 2024
- CVE-2021-4213 (7.5 HIGH)
  A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server's RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a de...
  Published: Aug. 24, 2022
  Modified: Nov. 21, 2024
- CVE-2021-4212 (7.2 HIGH)
  A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code....
  Affected Products: slim_7-14are05_firmware, slim_7-15imh05_firmware, slim_7-15itl05_firmware, thinkbook_13x_itg_firmware, thinkbook_14_g3_itl_firmware, thinkbook_plus_g2_itg_firmware, yoga_creator_7-15imh05_firmware, yoga_slim_7-14are05_firmware, yoga_slim_7-14iil05_firmware, yoga_slim_7-14itl05_firmware (+114 more products)
  Published: Apr. 22, 2022
  Modified: Nov. 21, 2024
- CVE-2021-4211 (7.2 HIGH)
  A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code....
  Affected Products: thinkcentre_m710s_firmware, thinkcentre_m710t_firmware, thinkcentre_m710e_firmware, thinkcentre_m710q_firmware, thinkcentre_m800_firmware, thinkcentre_m900_firmware, thinkcentre_m910t_firmware, thinkcentre_m910s_firmware, thinkcentre_m910q_firmware, thinkcentre_m910x_firmware (+96 more products)
  Published: Apr. 22, 2022
  Modified: Nov. 21, 2024
- CVE-2021-4210 (7.2 HIGH)
  A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code....
  Affected Products: thinkstation_p520_firmware, thinkstation_p520c_firmware, thinkcentre_m800_firmware, thinkcentre_m900_firmware, thinkcentre_m810z_firmware, thinkcentre_m820z_firmware, thinkcentre_m910z_firmware, thinkstation_p310_firmware, ideacentre_5-14imb05_firmware, ideacentre_g5-14imb05_firmware (+54 more products)
  Published: Apr. 22, 2022
  Modified: Nov. 21, 2024
- CVE-2021-4209 (6.5 MEDIUM)
  A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances....
  Published: Aug. 24, 2022
  Modified: Nov. 21, 2024
- CVE-2021-4208 (7.2 HIGH)
  The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and escape the product_id POST parameter before using it in a SQL statement, leading to a SQL injection vulnerability exploitable by high privilege users...
  Affected Products: exportfeed
  Published: Feb. 21, 2022
  Modified: Nov. 21, 2024
- CVE-2021-4204 (7.1 HIGH)
  An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information....
  Affected Products: linux_kernel, enterprise_linux, debian_linux, h410c_firmware, h300s_firmware, h500s_firmware, h700s_firmware, h410s_firmware, h300s, h410s (+3 more products)
  Published: Aug. 24, 2022
  Modified: Nov. 21, 2024
- CVE-2021-4203 (6.8 MEDIUM)
  A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with user privileges may crash the system or leak interna...
  Affected Products: linux_kernel, active_iq_unified_manager, h410c_firmware, a700s_firmware, hci_management_node, solidfire, e-series_santricity_os_controller, element_software, h300s_firmware, h500s_firmware (+13 more products)
  Published: Mar. 25, 2022
  Modified: Nov. 21, 2024
- CVE-2021-4202 (7.0 HIGH)
  A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leadi...
  Affected Products: linux_kernel
  Published: Mar. 25, 2022
  Modified: Nov. 21, 2024
- CVE-2021-4201 (9.8 CRITICAL)
  Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions. This issue affects: ForgeRock Access Management 7.1 v...
  Affected Products: access_management
  Published: Feb. 14, 2022
  Modified: Nov. 21, 2024
- CVE-2021-4200 (5.5 MEDIUM)
  An Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4....
  Published: May 02, 2022
  Modified: Nov. 21, 2024
- CVE-2021-4199 (7.8 HIGH)
  Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to esca...
  Published: Mar. 07, 2022
  Modified: Nov. 21, 2024
- CVE-2021-4198 (6.1 MEDIUM)
  A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and gen...
  Affected Products: antivirus_plus, internet_security, total_security, endpoint_security_tools, vpn_standalone
  Published: Mar. 07, 2022
  Modified: Nov. 21, 2024
- CVE-2021-4197 (7.8 HIGH)
  An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. I...
  Published: Mar. 23, 2022
  Modified: Nov. 21, 2024