Latest CVE Feed
-
8.8 HIGH
CVE-2021-3725
Vulnerability in dirhistory plugin. Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a car...
Affected Products: oh_my_zsh
- Published: Nov. 30, 2021
- Modified: Nov. 21, 2024
-
9.0 HIGH
CVE-2021-3723
A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating system commands over an authenticated SSH or Telnet sessio...
Affected Products: system_x3550_m3, system_x3650_m3, system_x3550_m3_firmware, system_x3650_m3_firmware
- Published: Nov. 12, 2021
- Modified: Nov. 21, 2024
-
5.0 MEDIUM
CVE-2021-3722
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation....
Affected Products: pcmanager
- Published: Apr. 22, 2022
- Modified: Nov. 21, 2024
-
5.5 MEDIUM
CVE-2021-3721
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error....
Affected Products: pcmanager
- Published: Apr. 22, 2022
- Modified: Nov. 21, 2024
-
5.5 MEDIUM
CVE-2021-3720
An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data....
- Published: Nov. 12, 2021
- Modified: Nov. 21, 2024
-
7.2 HIGH
CVE-2021-3719
A potential vulnerability in the SMI callback function that saves and restores boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbi...
Affected Products: thinkcentre_m4500q_firmware, thinkcentre_m73p_firmware, thinkcentre_m800_firmware, thinkcentre_m900_firmware, thinkcentre_m93_firmware, thinkcentre_m818z_firmware, thinkstation_p300_firmware, thinkstation_p500_firmware, thinkstation_p700_firmware, thinkstation_p900_firmware, +30 more products
- Published: Nov. 12, 2021
- Modified: Nov. 21, 2024
-
4.7 MEDIUM
CVE-2021-3718
A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS....
Affected Products: windows_10, windows_7, windows_8.1, linux_kernel, thinkpad_l380_firmware, thinkpad_p52_firmware, thinkpad_p72_firmware, thinkpad_x380_yoga_firmware, thinkpad_l380, thinkpad_l380_yoga, +73 more products
- Published: Nov. 12, 2021
- Modified: Nov. 21, 2024
-
7.8 HIGH
CVE-2021-3717
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity...
Affected Products: enterprise_linux, wildfly, jboss_enterprise_application_platform, single_sign-on, wildfly_core
- Published: May. 24, 2022
- Modified: Nov. 21, 2024
-
3.5 LOW
CVE-2021-3716
A flaw was found in nbdkit due to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the serve...
- Published: Mar. 02, 2022
- Modified: Nov. 21, 2024
-
7.8 HIGH
CVE-2021-3715
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to ...
Affected Products: linux_kernel
- Published: Mar. 02, 2022
- Modified: Nov. 21, 2024
-
5.9 MEDIUM
CVE-2021-3714
A flaw was found in the Linux kernel's memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detec...
- Published: Aug. 23, 2022
- Modified: Nov. 21, 2024
-
7.4 HIGH
CVE-2021-3713
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UA...
- Published: Aug. 25, 2021
- Modified: Nov. 21, 2024
-
7.4 HIGH
CVE-2021-3712
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string...
- Published: Aug. 24, 2021
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2021-3711
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" par...
- Published: Aug. 24, 2021
- Modified: Nov. 21, 2024
-
6.5 MEDIUM
CVE-2021-3710
An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior t...
- Published: Oct. 01, 2021
- Modified: Nov. 21, 2024
-
6.5 MEDIUM
CVE-2021-3709
Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.2...
- Published: Oct. 01, 2021
- Modified: Nov. 21, 2024
-
7.8 HIGH
CVE-2021-3708
D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3707, to execute any OS commands on the vulnerable device....
- Published: Aug. 16, 2021
- Modified: Nov. 21, 2024
-
5.5 MEDIUM
CVE-2021-3707
D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable d...
- Published: Aug. 16, 2021
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-3706
adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag...
Affected Products: web_interface
- Published: Sep. 15, 2021
- Modified: Nov. 21, 2024
-
10.0 HIGH
CVE-2021-3705
Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow an unauthorized user to reconfigure, reset the device....
- Published: Nov. 01, 2021
- Modified: Nov. 21, 2024