Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-3604

    Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the data... Read more

    Affected Products : secure_8
    • Published: Jun. 18, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-3603

    PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, ... Read more

    Affected Products : fedora phpmailer
    • Published: Jun. 17, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-3602

    An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in ... Read more

    • Published: Mar. 03, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-3600

    It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.... Read more

    • Published: Jan. 08, 2024
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-3599

    A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.... Read more

    • Published: Nov. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-3598

    There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to... Read more

    Affected Products : enterprise_linux debian_linux openexr
    • Published: Jul. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2021-3597

    A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35... Read more

    • Published: May. 24, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-3596

    A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads... Read more

    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2021-3595

    An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issu... Read more

    • Published: Jun. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2021-3594

    An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue... Read more

    • Published: Jun. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2021-3593

    An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issu... Read more

    • Published: Jun. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2021-3592

    An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malic... Read more

    • Published: Jun. 15, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-3590

    A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system av... Read more

    Affected Products : satellite foreman
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2021-3589

    An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integri... Read more

    Affected Products : satellite foreman_ansible
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-3588

    The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.... Read more

    Affected Products : bluez
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3586

    A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all ports on these resources from any pod. The highest threat from this vulnerability is to... Read more

    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-3585

    A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager.... Read more

    Affected Products : tripleo_heat_templates
    • Published: Aug. 26, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-3584

    A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to con... Read more

    Affected Products : foreman satellite
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-3583

    A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routin... Read more

    • Published: Sep. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-3582

    A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_CMD_CREATE_MR" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on th... Read more

    Affected Products : debian_linux qemu
    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292803 Results