Latest CVE Feed
-
7.1
HIGH CVE-2021-3675
Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5....
Affected Products: fingerprint_driver
- Published: Jun. 16, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-3673
A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS....
- Published: Aug. 02, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUM CVE-2021-3672
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerabili...
- Published: Nov. 23, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-3671
A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server....
- Published: Oct. 12, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2021-3669
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS....
Affected Products: linux_kernel enterprise_linux fedora debian_linux enterprise_linux_server_aus enterprise_linux_server_tus spectrum_protect_plus openshift_container_platform enterprise_linux_eus virtualization_host +14 more products
- Published: Aug. 26, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-3666
body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')...
Affected Products: xml_body_parser
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUM CVE-2021-3664
url-parse is vulnerable to URL Redirection to Untrusted Site...
Affected Products: url-parse
- Published: Jul. 26, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-3663
firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts...
Affected Products: firefly_iii
- Published: Jul. 25, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2021-3662
Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to stored cross site scripting (XSS)....
- Published: Oct. 29, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUM CVE-2021-3660
Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar atta...
- Published: Mar. 10, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2021-3659
A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is...
- Published: Aug. 22, 2022
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-3658
bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadver...
- Published: Mar. 02, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-3657
A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows...
- Published: Feb. 18, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-3656
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt...
- Published: Mar. 04, 2022
- Modified: Nov. 21, 2024
-
3.3
LOW CVE-2021-3655
A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory....
- Published: Aug. 05, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-3654
A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL....
- Published: Mar. 02, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-3653
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_...
- Published: Sep. 29, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-3652
A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully au...
Affected Products: 389-ds-base
- Published: Apr. 18, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-3649
chatwoot is vulnerable to Inefficient Regular Expression Complexity...
Affected Products: chatwoot
- Published: Jul. 16, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-3647
URI.js is vulnerable to URL Redirection to Untrusted Site...
- Published: Jul. 16, 2021
- Modified: Nov. 21, 2024