Latest CVE Feed
-
9.3
HIGHCVE-2021-3624
There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system.... Read more
- Published: Apr. 18, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-3623
A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highes... Read more
- Published: Mar. 02, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-3622
A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from t... Read more
- Published: Dec. 23, 2021
- Modified: Nov. 21, 2024
-
9.3
HIGHCVE-2021-3621
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via ... Read more
- Published: Dec. 23, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-3620
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.... Read more
- Published: Mar. 03, 2022
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-3619
Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in ... Read more
Affected Products : velociraptor- Published: Jul. 22, 2021
- Modified: Nov. 21, 2024
-
7.4
HIGHCVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic a... Read more
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-3617
A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. This vulnerability is the same as CNVD-2020-68652.... Read more
- Published: Aug. 17, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-3616
A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. This vulnerability is the same as CNVD-2020-68651.... Read more
- Published: Aug. 17, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2021-3615
A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. This vulnerability is the same as CNVD-2021-45262.... Read more
- Published: Aug. 17, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2021-3614
A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage.... Read more
Affected Products : 100e_2nd_gen_firmware 300e_2nd_gen_firmware ideapad_1-11ada05_firmware ideapad_1-11igl05_firmware ideapad_1-14ada05_firmware ideapad_1-14igl05_firmware ideapad_s940-14iil_firmware ideapad_slim_1-14ast-05_firmware ideapad_slim_1-11ast-05_firmware v130-15ikb_firmware +32 more products- Published: Jul. 16, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-3613
OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVP... Read more
Affected Products : connect- Published: Jul. 02, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-3612
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges... Read more
Affected Products : linux_kernel enterprise_linux fedora debian_linux solidfire_baseboard_management_controller_firmware h410c_firmware cloud_backup h300s_firmware h500s_firmware h700s_firmware +16 more products- Published: Jul. 09, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-3611
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability ... Read more
- Published: May. 11, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-3610
A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault.... Read more
- Published: Feb. 24, 2022
- Modified: Nov. 21, 2024
-
7.0
HIGHCVE-2021-3609
.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel all... Read more
Affected Products : linux_kernel enterprise_linux_server_aus enterprise_linux_server_tus h410c_firmware openshift_container_platform enterprise_linux_eus h300s_firmware h500s_firmware h700s_firmware h410s_firmware +33 more products- Published: Mar. 03, 2022
- Modified: Nov. 21, 2024
-
6.0
MEDIUMCVE-2021-3608
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to th... Read more
- Published: Feb. 24, 2022
- Modified: Nov. 21, 2024
-
6.0
MEDIUMCVE-2021-3607
An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privi... Read more
- Published: Feb. 24, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-3606
OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (op... Read more
- Published: Jul. 02, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-3605
There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to applicatio... Read more
- Published: Aug. 25, 2021
- Modified: Nov. 21, 2024