Latest CVE Feed
-
7.2
HIGH
CVE-2021-4211
A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code....
Affected Products: thinkcentre_m710s_firmware thinkcentre_m710t_firmware thinkcentre_m710e_firmware thinkcentre_m710q_firmware thinkcentre_m800_firmware thinkcentre_m900_firmware thinkcentre_m910t_firmware thinkcentre_m910s_firmware thinkcentre_m910q_firmware thinkcentre_m910x_firmware +96 more products
- Published: Apr. 22, 2022
- Modified: Nov. 21, 2024
-
7.2
HIGH
CVE-2021-4210
A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code....
Affected Products: thinkstation_p520_firmware thinkstation_p520c_firmware thinkcentre_m800_firmware thinkcentre_m900_firmware thinkcentre_m810z_firmware thinkcentre_m820z_firmware thinkcentre_m910z_firmware thinkstation_p310_firmware ideacentre_5-14imb05_firmware ideacentre_g5-14imb05_firmware +54 more products
- Published: Apr. 22, 2022
- Modified: Nov. 21, 2024
-
6.5
MEDIUM
CVE-2021-4209
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances....
- Published: Aug. 24, 2022
- Modified: Nov. 21, 2024
-
7.2
HIGH
CVE-2021-4208
The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and escape the product_id POST parameter before using it in a SQL statement, leading to a SQL injection vulnerability exploitable by high privilege users...
Affected Products: exportfeed
- Published: Feb. 21, 2022
- Modified: Nov. 21, 2024
-
7.1
HIGH
CVE-2021-4204
An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information....
Affected Products: linux_kernel enterprise_linux debian_linux h410c_firmware h300s_firmware h500s_firmware h700s_firmware h410s_firmware h300s h410s +3 more products
- Published: Aug. 24, 2022
- Modified: Nov. 21, 2024
-
6.8
MEDIUM
CVE-2021-4203
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with user privileges may crash the system or leak interna...
Affected Products: linux_kernel active_iq_unified_manager h410c_firmware a700s_firmware hci_management_node solidfire e-series_santricity_os_controller element_software h300s_firmware h500s_firmware +13 more products
- Published: Mar. 25, 2022
- Modified: Nov. 21, 2024
-
7.0
HIGH
CVE-2021-4202
A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leadi...
Affected Products: linux_kernel
- Published: Mar. 25, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2021-4201
Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions. This issue affects: ForgeRock Access Management 7.1 v...
Affected Products: access_management
- Published: Feb. 14, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUM
CVE-2021-4200
An Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4....
- Published: May. 02, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGH
CVE-2021-4199
Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to esca...
- Published: Mar. 07, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUM
CVE-2021-4198
A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and gen...
Affected Products: antivirus_plus internet_security total_security endpoint_security_tools vpn_standalone
- Published: Mar. 07, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGH
CVE-2021-4197
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. I...
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUM
CVE-2021-4195
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows XSS Targeting HTML Attributes. This issue affects Customer Relation Manager: before 2022...
Affected Products: customer_relation_manager
- Published: Mar. 14, 2023
- Modified: Nov. 21, 2024
-
6.5
MEDIUM
CVE-2021-4194
bookstack is vulnerable to Improper Access Control...
Affected Products: bookstack
- Published: Jan. 06, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUM
- Published: Dec. 31, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH
- Published: Dec. 31, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUM
CVE-2021-4191
An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API....
Affected Products: gitlab
- Published: Mar. 28, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH
CVE-2021-4190
Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file...
- Published: Dec. 30, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUM
CVE-2021-4189
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP s...
Affected Products: enterprise_linux debian_linux ontap_select_deploy_administration_utility python software_collections
- Published: Aug. 24, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH
CVE-2021-4188
mruby is vulnerable to NULL Pointer Dereference...
Affected Products: mruby
- Published: Dec. 30, 2021
- Modified: Nov. 21, 2024