Latest CVE Feed
-
6.1
MEDIUM CVE-2021-4107
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
- Published: Dec. 14, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2021-4106
A vulnerability in Snow Inventory Java Scanner allows an attacker to run malicious code at a higher level of privileges. This issue affects: SNOW Snow Inventory Java Scanner 1.0...
Affected Products: snow_inventory_java_scanner
- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-4105
Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion. This issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727.
- Published: Feb. 24, 2023
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-4104
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender t...
Affected Products: enterprise_linux fedora business_intelligence weblogic_server openshift_container_platform mysql_enterprise_monitor jboss_data_grid software_collections hyperion_data_relationship_management tuxedo +36 more products
- Published: Dec. 14, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUM CVE-2021-4103
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34.
Affected Products: vditor
- Published: Jan. 23, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-4101
Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-4100
Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-4099
Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
7.4
HIGH CVE-2021-4098
Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
6.3
MEDIUM CVE-2021-4097
phpservermon is vulnerable to Improper Neutralization of CRLF Sequences...
Affected Products: php_server_monitor
- Published: Dec. 12, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-4096
The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPD_Admin_Import class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up...
Affected Products: fancy_product_designer
- Published: Apr. 19, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2021-4095
A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by...
- Published: Mar. 10, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-4093
A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction...
- Published: Feb. 18, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUM
- Published: Dec. 11, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-4091
A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.
- Published: Feb. 18, 2022
- Modified: Nov. 21, 2024
-
7.1
HIGH CVE-2021-4090
An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw, a local attacker with user privilege may gain access t...
Affected Products: linux_kernel h410c_firmware h300s_firmware h500s_firmware h700s_firmware h410s_firmware h300s h410s h500s h700s +7 more products
- Published: Feb. 18, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUM CVE-2021-4089
snipe-it is vulnerable to Improper Access Control...
Affected Products: snipe-it
- Published: Dec. 10, 2021
- Modified: Nov. 21, 2024
-
8.4
HIGH CVE-2021-4088
SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead...
Affected Products: data_loss_prevention
- Published: Jan. 24, 2022
- Modified: Nov. 21, 2024
-
7.4
HIGH CVE-2021-4084
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Affected Products: pimcore
- Published: Dec. 10, 2021
- Modified: Nov. 21, 2024
-
7.0
HIGH CVE-2021-4083
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to cr...
Affected Products: linux_kernel debian_linux h410c_firmware hci_management_node solidfire h300s_firmware h500s_firmware h700s_firmware h410s_firmware communications_cloud_native_core_policy +13 more products
- Published: Jan. 18, 2022
- Modified: Nov. 21, 2024