Latest CVE Feed
- 6.6 MEDIUM CVE-2021-3701
A flaw was found in ansible-runner where, under the default configuration in ansible-2.0.0, temporary files are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-r...
Affected Products: ansible_runner
- Published: Aug. 23, 2022
- Modified: Nov. 21, 2024
- 6.4 MEDIUM CVE-2021-3700
A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked...
- Published: Feb. 24, 2022
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-3698
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certifica...
- Published: Mar. 10, 2022
- Modified: Nov. 21, 2024
- 7.0 HIGH CVE-2021-3697
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written to the heap. For the attack to succeed, the attacker needs to perform some triage over the heap layout and craft an image with a mali...
Affected Products: enterprise_linux enterprise_linux_server_aus enterprise_linux_server_tus openshift_container_platform enterprise_linux_eus openshift developer_tools enterprise_linux_for_power_little_endian enterprise_linux_for_power_little_endian_eus enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions +2 more products
- Published: Jul. 06, 2022
- Modified: Nov. 21, 2024
- 6.9 MEDIUM CVE-2021-3696
A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availability impact may be considered Low as it's very complex for an attacker ...
Affected Products: enterprise_linux enterprise_linux_server_aus enterprise_linux_server_tus ontap_select_deploy_administration_utility openshift_container_platform enterprise_linux_eus openshift developer_tools enterprise_linux_for_power_little_endian enterprise_linux_for_power_little_endian_eus +3 more products
- Published: Jul. 06, 2022
- Modified: Nov. 21, 2024
- 4.5 MEDIUM CVE-2021-3695
A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a h...
- Published: Jul. 06, 2022
- Modified: Nov. 21, 2024
- 9.6 CRITICAL CVE-2021-3694
LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure....
- Published: Aug. 23, 2021
- Modified: Nov. 21, 2024
- 9.6 CRITICAL CVE-2021-3693
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure....
- Published: Aug. 23, 2021
- Modified: Nov. 21, 2024
- 8.1 HIGH CVE-2021-3692
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator...
Affected Products: yii
- Published: Aug. 10, 2021
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-3690
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability....
- Published: Aug. 23, 2022
- Modified: Nov. 21, 2024
- 8.1 HIGH CVE-2021-3689
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator...
Affected Products: yii
- Published: Aug. 10, 2021
- Modified: Nov. 21, 2024
- 4.8 MEDIUM CVE-2021-3688
A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL that contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or po...
Affected Products: jboss_core_services_httpd
- Published: Aug. 26, 2022
- Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2021-3684
A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull con...
- Published: Mar. 24, 2023
- Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2021-3683
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)...
Affected Products: showdoc
- Published: Nov. 13, 2021
- Modified: Nov. 21, 2024
- 8.5 HIGH CVE-2021-3682
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to ...
- Published: Aug. 05, 2021
- Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2021-3681
A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the ``build_ignore`` list in "galaxy.yml" are included in the ``.tar.gz`` file. This contains ...
- Published: Apr. 18, 2022
- Modified: Nov. 21, 2024
- 5.3 MEDIUM CVE-2021-3680
showdoc is vulnerable to Missing Cryptographic Step...
Affected Products: showdoc
- Published: Aug. 04, 2021
- Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2021-3679
A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way a user uses the trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to st...
- Published: Aug. 05, 2021
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-3678
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)...
Affected Products: showdoc
- Published: Aug. 04, 2021
- Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2021-3677
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. I...
- Published: Mar. 02, 2022
- Modified: Nov. 21, 2024