Latest CVE Feed
- 5.5 MEDIUM CVE-2021-3744
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar to the older CVE-2019-18808.
- Published: Mar. 04, 2022
- Modified: Nov. 21, 2024
- 7.1 HIGH CVE-2021-3743
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel inform...
- Published: Mar. 04, 2022
- Modified: Nov. 21, 2024
- 7.1 HIGH CVE-2021-3739
A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal informati...
Affected Products: linux_kernel fedora h410c_firmware h300s_firmware h500s_firmware h700s_firmware h410s_firmware h300s h410s h500s +8 more products
- Published: Mar. 10, 2022
- Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-3738
In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly...
Affected Products: samba
- Published: Mar. 02, 2022
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-3737
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this...
Affected Products: ubuntu_linux enterprise_linux fedora ontap_select_deploy_administration_utility python communications_cloud_native_core_policy enterprise_linux_for_power_little_endian codeready_linux_builder codeready_linux_builder_for_ibm_z_systems enterprise_linux_for_ibm_z_systems +7 more products
- Published: Mar. 04, 2022
- Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2021-3736
A flaw was found in the Linux kernel. A memory leak problem was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in Virtual Function I/O (VFIO) Mediated devices. This flaw could allow a local attacker to leak internal kernel information.
Affected Products: linux_kernel
- Published: Aug. 23, 2022
- Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-3734
yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames...
Affected Products: yourls
- Published: Aug. 26, 2021
- Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2021-3733
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as a web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication reques...
Affected Products: enterprise_linux fedora enterprise_linux_server_aus enterprise_linux_server_tus ontap_select_deploy_administration_utility enterprise_linux_eus python enterprise_linux_for_ibm_z_systems_eus enterprise_linux_for_power_little_endian enterprise_linux_for_power_little_endian_eus +10 more products
- Published: Mar. 10, 2022
- Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2021-3732
A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible.
Affected Products: linux_kernel
- Published: Mar. 10, 2022
- Modified: Nov. 21, 2024
- 5.9 MEDIUM CVE-2021-3731
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user to execute unintended actions.
- Published: Aug. 23, 2021
- Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2021-3730
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)...
Affected Products: firefly_iii
- Published: Aug. 23, 2021
- Modified: Nov. 21, 2024
- 4.3 MEDIUM CVE-2021-3729
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)...
Affected Products: firefly_iii
- Published: Aug. 23, 2021
- Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2021-3728
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)...
Affected Products: firefly_iii
- Published: Aug. 23, 2021
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-3727
# Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and `hitokoto` fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use `print -P` to print them. If these quotes conta...
Affected Products: oh_my_zsh
- Published: Nov. 30, 2021
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-3726
# Vulnerability in `title` function **Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could us...
Affected Products: oh_my_zsh
- Published: Nov. 30, 2021
- Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-3725
Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a car...
Affected Products: oh_my_zsh
- Published: Nov. 30, 2021
- Modified: Nov. 21, 2024
- 9.0 HIGH CVE-2021-3723
A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating system commands over an authenticated SSH or Telnet sessio...
Affected Products: system_x3550_m3 system_x3650_m3 system_x3550_m3_firmware system_x3650_m3_firmware
- Published: Nov. 12, 2021
- Modified: Nov. 21, 2024
- 5.0 MEDIUM CVE-2021-3722
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation.
Affected Products: pcmanager
- Published: Apr. 22, 2022
- Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2021-3721
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error.
Affected Products: pcmanager
- Published: Apr. 22, 2022
- Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2021-3720
An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data.
- Published: Nov. 12, 2021
- Modified: Nov. 21, 2024