Latest CVE Feed
-
6.3
MEDIUMCVE-2021-4097
phpservermon is vulnerable to Improper Neutralization of CRLF Sequences... Read more
Affected Products : php_server_monitor- Published: Dec. 12, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-4096
The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPD_Admin_Import class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up... Read more
Affected Products : fancy_product_designer- Published: Apr. 19, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-4095
A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by... Read more
- Published: Mar. 10, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-4093
A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction... Read more
- Published: Feb. 18, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUM- Published: Dec. 11, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-4091
A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.... Read more
- Published: Feb. 18, 2022
- Modified: Nov. 21, 2024
-
7.1
HIGHCVE-2021-4090
An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw, a local attacker with user privilege may gain access t... Read more
Affected Products : linux_kernel h410c_firmware h300s_firmware h500s_firmware h700s_firmware h410s_firmware h300s h410s h500s h700s +7 more products- Published: Feb. 18, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-4089
snipe-it is vulnerable to Improper Access Control... Read more
Affected Products : snipe-it- Published: Dec. 10, 2021
- Modified: Nov. 21, 2024
-
8.4
HIGHCVE-2021-4088
SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead... Read more
Affected Products : data_loss_prevention- Published: Jan. 24, 2022
- Modified: Nov. 21, 2024
-
7.4
HIGHCVE-2021-4084
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more
Affected Products : pimcore- Published: Dec. 10, 2021
- Modified: Nov. 21, 2024
-
7.0
HIGHCVE-2021-4083
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to cr... Read more
Affected Products : linux_kernel debian_linux h410c_firmware hci_management_node solidfire h300s_firmware h500s_firmware h700s_firmware h410s_firmware communications_cloud_native_core_policy +13 more products- Published: Jan. 18, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-4082
pimcore is vulnerable to Cross-Site Request Forgery (CSRF)... Read more
Affected Products : pimcore- Published: Dec. 10, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-4081
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more
Affected Products : pimcore- Published: Dec. 10, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-4080
crater is vulnerable to Unrestricted Upload of File with Dangerous Type... Read more
Affected Products : crater- Published: Jan. 12, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-4079
Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets.... Read more
- Published: Dec. 23, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-4078
Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more
- Published: Dec. 23, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-4076
A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys.... Read more
Affected Products : tang- Published: Mar. 02, 2022
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-4075
snipe-it is vulnerable to Server-Side Request Forgery (SSRF)... Read more
Affected Products : snipe-it- Published: Dec. 06, 2021
- Modified: Nov. 21, 2024
-
6.4
MEDIUMCVE-2021-4074
The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site Scripting via the cc_whmcs_bridge_url parameter found in the ~/whmcs-bridge/bridge_cp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1... Read more
Affected Products : whmcs_bridge- Published: Jan. 18, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-4073
The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, if they knew a valid username on the site due to missing identity validation in the social login function social_login_... Read more
Affected Products : registrationmagic- Published: Dec. 14, 2021
- Modified: Nov. 21, 2024