Latest CVE Feed
-
7.8
HIGH
- Published: Aug. 31, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-3748
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest cou...
Affected Products : ubuntu_linux enterprise_linux fedora debian_linux qemu enterprise_linux_advanced_virtualization_eus
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-3747
The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner....
- Published: Oct. 01, 2021
- Modified: Nov. 21, 2024
-
7.1
HIGH CVE-2021-3746
A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written...
- Published: Oct. 19, 2021
- Modified: Nov. 21, 2024
-
8.0
HIGH CVE-2021-3745
flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type...
Affected Products : flatcore-cms
- Published: Oct. 28, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2021-3744
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar to the older CVE-2019-18808....
- Published: Mar. 04, 2022
- Modified: Nov. 21, 2024
-
7.1
HIGH CVE-2021-3743
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel inform...
- Published: Mar. 04, 2022
- Modified: Nov. 21, 2024
-
7.1
HIGH CVE-2021-3739
A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal informati...
Affected Products : linux_kernel fedora h410c_firmware h300s_firmware h500s_firmware h700s_firmware h410s_firmware h300s h410s h500s +8 more products
- Published: Mar. 10, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-3738
In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly...
Affected Products : samba
- Published: Mar. 02, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-3737
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this...
Affected Products : ubuntu_linux enterprise_linux fedora ontap_select_deploy_administration_utility python communications_cloud_native_core_policy enterprise_linux_for_power_little_endian codeready_linux_builder codeready_linux_builder_for_ibm_z_systems enterprise_linux_for_ibm_z_systems +7 more products
- Published: Mar. 04, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2021-3736
A flaw was found in the Linux kernel. A memory leak problem was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in Virtual Function I/O (VFIO) Mediated devices. This flaw could allow a local attacker to leak internal kernel information....
Affected Products : linux_kernel
- Published: Aug. 23, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-3734
yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames...
Affected Products : yourls
- Published: Aug. 26, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-3733
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as a web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication reques...
Affected Products : enterprise_linux fedora enterprise_linux_server_aus enterprise_linux_server_tus ontap_select_deploy_administration_utility enterprise_linux_eus python enterprise_linux_for_ibm_z_systems_eus enterprise_linux_for_power_little_endian enterprise_linux_for_power_little_endian_eus +10 more products
- Published: Mar. 10, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2021-3732
A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible....
Affected Products : linux_kernel
- Published: Mar. 10, 2022
- Modified: Nov. 21, 2024
-
5.9
MEDIUM CVE-2021-3731
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user to execute unintended actions....
- Published: Aug. 23, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-3730
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)...
Affected Products : firefly_iii
- Published: Aug. 23, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUM CVE-2021-3729
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)...
Affected Products : firefly_iii
- Published: Aug. 23, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-3728
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)...
Affected Products : firefly_iii
- Published: Aug. 23, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-3727
# Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and `hitokoto` fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use `print -P` to print them. If these quotes conta...
Affected Products : oh_my_zsh
- Published: Nov. 30, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-3726
# Vulnerability in `title` function **Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could us...
Affected Products : oh_my_zsh
- Published: Nov. 30, 2021
- Modified: Nov. 21, 2024