Latest CVE Feed
-
5.5
MEDIUMCVE-2021-3681
A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the ``build_ignore`` list in "galaxy.yml" include files in the ``.tar.gz`` file. This contains ... Read more
- Published: Apr. 18, 2022
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-3680
showdoc is vulnerable to Missing Cryptographic Step... Read more
Affected Products : showdoc- Published: Aug. 04, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-3679
A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to st... Read more
- Published: Aug. 05, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-3678
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)... Read more
Affected Products : showdoc- Published: Aug. 04, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-3677
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. I... Read more
- Published: Mar. 02, 2022
- Modified: Nov. 21, 2024
-
7.1
HIGHCVE-2021-3675
Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.... Read more
Affected Products : fingerprint_driver- Published: Jun. 16, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-3673
A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS.... Read more
- Published: Aug. 02, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2021-3672
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerabili... Read more
- Published: Nov. 23, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-3671
A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.... Read more
- Published: Oct. 12, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-3669
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.... Read more
Affected Products : linux_kernel enterprise_linux fedora debian_linux enterprise_linux_server_aus enterprise_linux_server_tus spectrum_protect_plus openshift_container_platform enterprise_linux_eus virtualization_host +14 more products- Published: Aug. 26, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-3666
body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')... Read more
Affected Products : xml_body_parser- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-3664
url-parse is vulnerable to URL Redirection to Untrusted Site... Read more
Affected Products : url-parse- Published: Jul. 26, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-3663
firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts... Read more
Affected Products : firefly_iii- Published: Jul. 25, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-3662
Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to stored cross site scripting (XSS).... Read more
- Published: Oct. 29, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-3660
Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar atta... Read more
- Published: Mar. 10, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-3659
A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is... Read more
- Published: Aug. 22, 2022
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-3658
bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadver... Read more
- Published: Mar. 02, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-3657
A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows... Read more
- Published: Feb. 18, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-3656
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt... Read more
- Published: Mar. 04, 2022
- Modified: Nov. 21, 2024
-
3.3
LOWCVE-2021-3655
A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.... Read more
- Published: Aug. 05, 2021
- Modified: Nov. 21, 2024