Latest CVE Feed
-
6.5
MEDIUM
CVE-2021-3975
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDoma...
Affected Products: ubuntu_linux, enterprise_linux, fedora, debian_linux, enterprise_linux_server_tus, ontap_select_deploy_administration_utility, enterprise_linux_eus, enterprise_linux_for_ibm_z_systems_eus, enterprise_linux_for_power_little_endian, enterprise_linux_for_power_little_endian_eus, +4 more products
- Published: Aug. 23, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGH
- Published: Nov. 19, 2021
- Modified: Nov. 21, 2024
-
9.3
HIGH
- Published: Nov. 19, 2021
- Modified: Nov. 21, 2024
-
6.7
MEDIUM
CVE-2021-3972
A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM v...
Affected Products: ideapad_3-15ada05_firmware, ideapad_3-14ada05_firmware, ideapad_3-14ada6_firmware, ideapad_3-14alc6_firmware, ideapad_3-15ada6_firmware, ideapad_3-15alc6_firmware, ideapad_3-17alc6_firmware, ideapad_3-17ada05_firmware, ideapad_3-17ada6_firmware, legion_s7-15ach6_firmware, +200 more products
- Published: Apr. 22, 2022
- Modified: Nov. 21, 2024
-
6.7
MEDIUM
CVE-2021-3971
A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region b...
- Published: Apr. 22, 2022
- Modified: Nov. 21, 2024
-
7.2
HIGH
CVE-2021-3970
A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code....
Affected Products: ideapad_3-15ada05_firmware, ideapad_3-14ada05_firmware, ideapad_3-14ada6_firmware, ideapad_3-14alc6_firmware, ideapad_3-15ada6_firmware, ideapad_3-15alc6_firmware, ideapad_3-17alc6_firmware, ideapad_3-17ada05_firmware, ideapad_3-17ada6_firmware, legion_s7-15ach6_firmware, +200 more products
- Published: Apr. 22, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGH
CVE-2021-3969
A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to elevate privileges....
Affected Products: system_interface_foundation
- Published: May. 18, 2022
- Modified: Nov. 21, 2024
-
8.5
HIGH
CVE-2021-3968
vim is vulnerable to Heap-based Buffer Overflow...
- Published: Nov. 19, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGH
CVE-2021-3967
Improper Access Control in GitHub repository zulip/zulip prior to 4.10....
Affected Products: zulip
- Published: Feb. 26, 2022
- Modified: Nov. 21, 2024
-
9.6
CRITICAL
CVE-2021-3966
usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem....
Affected Products: zephyr
- Published: Jan. 11, 2023
- Modified: Nov. 21, 2024
-
7.5
HIGH
CVE-2021-3965
Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews....
Affected Products: designjet_t920_cr355a_firmware, designjet_t920_cr355b_firmware, designjet_t920_cr354a_firmware, designjet_t930_l2y22a_firmware, designjet_t930_l2y22b_firmware, designjet_t930_l2y21a_firmware, designjet_t930_l2y21b_firmware, designjet_t1530_l2y24a_firmware, designjet_t1530_l2y24b_firmware, designjet_t1530_l2y23a_firmware, +44 more products
- Published: Jan. 14, 2022
- Modified: Nov. 21, 2024
-
5.9
MEDIUM
CVE-2021-3964
elgg is vulnerable to Authorization Bypass Through User-Controlled Key...
Affected Products: elgg
- Published: Dec. 01, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUM
CVE-2021-3963
kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)...
- Published: Nov. 19, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH
CVE-2021-3962
A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by I...
Affected Products: imagemagick
- Published: Nov. 19, 2021
- Modified: Nov. 21, 2024
-
8.0
HIGH
CVE-2021-3961
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Affected Products: snipe-it
- Published: Nov. 19, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH
CVE-2021-3960
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender Grav...
Affected Products: gravityzone
- Published: Dec. 16, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH
CVE-2021-3959
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to...
Affected Products: gravityzone
- Published: Dec. 16, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2021-3958
Improper Handling of Parameters vulnerability in Ipack Automation Systems Ipack SCADA Software allows Blind SQL Injection. This issue affects Ipack SCADA Software: from unspecified before 1.1.0....
Affected Products: scada_automation
- Published: Nov. 16, 2021
- Modified: Nov. 21, 2024
-
4.6
MEDIUM
CVE-2021-3957
kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)...
- Published: Nov. 19, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUM
CVE-2021-3956
A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unauthent...
Affected Products: xclarity_controller, thinksystem_sr630, thinkstation_p920, thinksystem_sd650, thinksystem_sn550, thinksystem_sn850, thinksystem_sr850, thinksystem_sr860, thinksystem_sr530, thinksystem_sr550, +36 more products
- Published: May. 18, 2022
- Modified: Nov. 21, 2024