Latest CVE Feed
-
7.2
HIGHCVE-2021-3719
A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbi... Read more
Affected Products : thinkcentre_m4500q_firmware thinkcentre_m73p_firmware thinkcentre_m800_firmware thinkcentre_m900_firmware thinkcentre_m93_firmware thinkcentre_m818z_firmware thinkstation_p300_firmware thinkstation_p500_firmware thinkstation_p700_firmware thinkstation_p900_firmware +30 more products- Published: Nov. 12, 2021
- Modified: Nov. 21, 2024
-
4.7
MEDIUMCVE-2021-3718
A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS.... Read more
Affected Products : windows_10 windows_7 windows_8.1 linux_kernel thinkpad_l380_firmware thinkpad_p52_firmware thinkpad_p72_firmware thinkpad_x380_yoga_firmware thinkpad_l380 thinkpad_l380_yoga +73 more products- Published: Nov. 12, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-3717
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity... Read more
Affected Products : enterprise_linux wildfly jboss_enterprise_application_platform single_sign-on wildfly_core- Published: May. 24, 2022
- Modified: Nov. 21, 2024
-
3.5
LOWCVE-2021-3716
A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the serve... Read more
- Published: Mar. 02, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-3715
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to ... Read more
Affected Products : linux_kernel- Published: Mar. 02, 2022
- Modified: Nov. 21, 2024
-
5.9
MEDIUMCVE-2021-3714
A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detec... Read more
- Published: Aug. 23, 2022
- Modified: Nov. 21, 2024
-
7.4
HIGHCVE-2021-3713
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UA... Read more
- Published: Aug. 25, 2021
- Modified: Nov. 21, 2024
-
7.4
HIGHCVE-2021-3712
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string... Read more
- Published: Aug. 24, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-3711
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" par... Read more
- Published: Aug. 24, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-3710
An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior t... Read more
- Published: Oct. 01, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-3709
Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.2... Read more
- Published: Oct. 01, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-3708
D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3707, to execute any OS commands on the vulnerable device.... Read more
- Published: Aug. 16, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-3707
D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable d... Read more
- Published: Aug. 16, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-3706
adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag... Read more
Affected Products : web_interface- Published: Sep. 15, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2021-3705
Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow an unauthorized user to reconfigure, reset the device.... Read more
- Published: Nov. 01, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-3704
Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow a Denial of Service on the device.... Read more
- Published: Nov. 01, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-3703
It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless 1.16.0 and Serverless client kn 1.16.0. These have been fixed with Serverless 1.17.0.... Read more
Affected Products : openshift_serverless- Published: Aug. 26, 2022
- Modified: Nov. 21, 2024
-
6.3
MEDIUMCVE-2021-3702
A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner's private_data_dir the next time ans... Read more
Affected Products : ansible_runner- Published: Aug. 23, 2022
- Modified: Nov. 21, 2024
-
6.6
MEDIUMCVE-2021-3701
A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-r... Read more
Affected Products : ansible_runner- Published: Aug. 23, 2022
- Modified: Nov. 21, 2024
-
6.4
MEDIUMCVE-2021-3700
A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked... Read more
- Published: Feb. 24, 2022
- Modified: Nov. 21, 2024