Latest CVE Feed
-
6.5
MEDIUM CVE-2021-3853
chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Affected Products: chaskiq
- Published: Jan. 17, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-3852
growi is vulnerable to Authorization Bypass Through User-Controlled Key...
Affected Products: growi
- Published: Jan. 12, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2021-3851
firefly-iii is vulnerable to URL Redirection to Untrusted Site...
Affected Products: firefly_iii
- Published: Oct. 19, 2021
- Modified: Nov. 21, 2024
-
9.1
CRITICAL CVE-2021-3850
Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21....
- Published: Jan. 25, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-3849
An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. ...
Affected Products: nextscale_n1200_enclosure_firmware, thinkagile_hx_enclosure_certified_node_firmware, thinkagile_vx_enclosure_firmware, thinksystem_d2_enclosure_firmware, nextscale_fan_power_controller_firmware, nextscale_n1200_enclosure, thinkagile_hx_enclosure_certified_node, thinkagile_vx_enclosure, thinksystem_d2_enclosure, nextscale_fan_power_controller
- Published: Apr. 22, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2021-3848
An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with...
- Published: Oct. 06, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2021-3847
An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way a user copies a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate...
- Published: Apr. 01, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-3846
firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type...
Affected Products: firefly_iii
- Published: Oct. 19, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-3845
ws-scrcpy is vulnerable to External Control of File Name or Path...
Affected Products: ws_scrcpy
- Published: Jan. 04, 2022
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2021-3844
Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential...
Affected Products: insightvm
- Published: Mar. 24, 2023
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2021-3843
A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code....
- Published: Nov. 12, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH
- Published: Jan. 04, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-3840
A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package ind...
Affected Products: antilles
- Published: Nov. 12, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-3839
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of thi...
Affected Products: enterprise_linux, fedora, data_plane_development_kit, enterprise_linux_fast_datapath
- Published: Aug. 23, 2022
- Modified: Nov. 21, 2024
-
8.6
HIGH CVE-2021-3837
openwhyd is vulnerable to Improper Authorization...
Affected Products: openwhyd
- Published: Jan. 03, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-3836
dbeaver is vulnerable to Improper Restriction of XML External Entity Reference...
Affected Products: dbeaver
- Published: Dec. 14, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-3835
Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf...
Affected Products: zephyr
- Published: Feb. 07, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-3834
Integria IMS in its 5.0.92 version does not correctly filter some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS)....
Affected Products: integria_ims
- Published: Oct. 07, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-3833
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login...
Affected Products: integria_ims
- Published: Oct. 07, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-3832
Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability....
Affected Products: integria_ims
- Published: Oct. 07, 2021
- Modified: Nov. 21, 2024