Latest CVE Feed
-
7.5 HIGH
CVE-2021-3706
adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag...
- Affected Products: web_interface
- Published: Sep. 15, 2021
- Modified: Nov. 21, 2024
-
10.0 HIGH
CVE-2021-3705
Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow an unauthorized user to reconfigure, reset the device.
- Published: Nov. 01, 2021
- Modified: Nov. 21, 2024
-
7.8 HIGH
CVE-2021-3704
Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow a Denial of Service on the device.
- Published: Nov. 01, 2021
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-3703
It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless 1.16.0 and Serverless client kn 1.16.0. These have been fixed with Serverless 1.17.0.
- Affected Products: openshift_serverless
- Published: Aug. 26, 2022
- Modified: Nov. 21, 2024
-
6.3 MEDIUM
CVE-2021-3702
A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner's private_data_dir the next time ans...
- Affected Products: ansible_runner
- Published: Aug. 23, 2022
- Modified: Nov. 21, 2024
-
6.6 MEDIUM
CVE-2021-3701
A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-r...
- Affected Products: ansible_runner
- Published: Aug. 23, 2022
- Modified: Nov. 21, 2024
-
6.4 MEDIUM
CVE-2021-3700
A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked...
- Published: Feb. 24, 2022
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-3698
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certifica...
- Published: Mar. 10, 2022
- Modified: Nov. 21, 2024
-
7.0 HIGH
CVE-2021-3697
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. For an attack to succeed, the attacker needs to perform some triage over the heap layout and craft an image with a mali...
- Affected Products: enterprise_linux, enterprise_linux_server_aus, enterprise_linux_server_tus, openshift_container_platform, enterprise_linux_eus, openshift, developer_tools, enterprise_linux_for_power_little_endian, enterprise_linux_for_power_little_endian_eus, enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, +2 more products
- Published: Jul. 06, 2022
- Modified: Nov. 21, 2024
-
6.9 MEDIUM
CVE-2021-3696
A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availability impact may be considered Low as it's very complex to an attacker ...
- Affected Products: enterprise_linux, enterprise_linux_server_aus, enterprise_linux_server_tus, ontap_select_deploy_administration_utility, openshift_container_platform, enterprise_linux_eus, openshift, developer_tools, enterprise_linux_for_power_little_endian, enterprise_linux_for_power_little_endian_eus, +3 more products
- Published: Jul. 06, 2022
- Modified: Nov. 21, 2024
-
4.5 MEDIUM
CVE-2021-3695
A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a h...
- Published: Jul. 06, 2022
- Modified: Nov. 21, 2024
-
9.6 CRITICAL
CVE-2021-3694
LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
- Published: Aug. 23, 2021
- Modified: Nov. 21, 2024
-
9.6 CRITICAL
CVE-2021-3693
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
- Published: Aug. 23, 2021
- Modified: Nov. 21, 2024
-
8.1 HIGH
CVE-2021-3692
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator...
- Affected Products: yii
- Published: Aug. 10, 2021
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-3690
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.
- Published: Aug. 23, 2022
- Modified: Nov. 21, 2024
-
8.1 HIGH
CVE-2021-3689
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator...
- Affected Products: yii
- Published: Aug. 10, 2021
- Modified: Nov. 21, 2024
-
4.8 MEDIUM
CVE-2021-3688
A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL that contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or po...
- Affected Products: jboss_core_services_httpd
- Published: Aug. 26, 2022
- Modified: Nov. 21, 2024
-
5.5 MEDIUM
CVE-2021-3684
A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull con...
- Published: Mar. 24, 2023
- Modified: Nov. 21, 2024
-
6.5 MEDIUM
CVE-2021-3683
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)...
- Affected Products: showdoc
- Published: Nov. 13, 2021
- Modified: Nov. 21, 2024
-
8.5 HIGH
CVE-2021-3682
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to ...
- Published: Aug. 05, 2021
- Modified: Nov. 21, 2024