Latest CVE Feed
-
8.1
HIGHCVE-2021-4125
It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images,... Read more
Affected Products : openshift- Published: Aug. 24, 2022
- Modified: Nov. 21, 2024
-
8.1
HIGHCVE-2021-4124
janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more
Affected Products : janus- Published: Dec. 16, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM- Published: Dec. 16, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-4122
It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanentl... Read more
Affected Products : cryptsetup- Published: Aug. 24, 2022
- Modified: Nov. 21, 2024
-
6.4
MEDIUMCVE-2021-4121
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more
- Published: Dec. 16, 2021
- Modified: Nov. 21, 2024
-
8.2
HIGHCVE-2021-4120
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict sn... Read more
- Published: Feb. 17, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-4119
bookstack is vulnerable to Improper Access Control... Read more
Affected Products : bookstack- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH- Published: Dec. 23, 2021
- Modified: Nov. 21, 2024
-
7.7
HIGHCVE-2021-4117
yetiforcecrm is vulnerable to Business Logic Errors... Read more
Affected Products : yetiforce_customer_relationship_management- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024
-
6.6
MEDIUMCVE-2021-4116
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more
- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-4115
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing ... Read more
Affected Products : ubuntu_linux enterprise_linux fedora zfs_storage_appliance_kit debian_linux polkit- Published: Feb. 21, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-4112
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment.... Read more
- Published: Aug. 25, 2022
- Modified: Nov. 21, 2024
-
7.3
HIGHCVE-2021-4111
yetiforcecrm is vulnerable to Business Logic Errors... Read more
Affected Products : yetiforce_customer_relationship_management- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-4110
mruby is vulnerable to NULL Pointer Dereference... Read more
Affected Products : mruby- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024
-
6.4
MEDIUMCVE-2021-4108
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more
Affected Products : snipe-it- Published: Dec. 14, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-4107
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more
- Published: Dec. 14, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-4106
A vulnerability in Snow Inventory Java Scanner allows an attacker to run malicious code at a higher level of privileges. This issue affects: SNOW Snow Inventory Java Scanner 1.0... Read more
Affected Products : snow_inventory_java_scanner- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-4105
Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion.This issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727. ... Read more
- Published: Feb. 24, 2023
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-4104
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender t... Read more
Affected Products : enterprise_linux fedora business_intelligence weblogic_server openshift_container_platform mysql_enterprise_monitor jboss_data_grid software_collections hyperion_data_relationship_management tuxedo +36 more products- Published: Dec. 14, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2021-4103
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34.... Read more
Affected Products : vditor- Published: Jan. 23, 2022
- Modified: Nov. 21, 2024