Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

5.3

MEDIUM

CVE-2021-3531

A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of ...

Affected Products : fedora ceph_storage ceph
Published: May. 18, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-3530

A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash....

Affected Products : binutils ontap_select_deploy_administration_utility
Published: Jun. 02, 2021

Modified: Nov. 21, 2024
7.1

HIGH

CVE-2021-3529

A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the app...

Affected Products : openshift_container_platform noobaa-operator
Published: Jun. 02, 2021

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2021-3528

A flaw was found in noobaa-operator in versions before 5.7.0, where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the log files could use this AuthToken to gain additional acc...

Affected Products : noobaa-operator
Published: May. 13, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-3527

A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate...

Affected Products : enterprise_linux debian_linux qemu
Published: May. 26, 2021

Modified: Nov. 21, 2024
6.5

MEDIUM

CVE-2021-3524

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS con...

Affected Products : fedora debian_linux ceph_storage ceph
Published: May. 17, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-3523

A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address....

Affected Products : apicast
Published: Apr. 27, 2022

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-3522

GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags....

Affected Products : active_iq_unified_manager hci_management_node solidfire oncommand_insight oncommand_workflow_automation e-series_santricity_os_controller e-series_santricity_storage_manager e-series_santricity_web_services snapmanager openjdk +3 more products
Published: Jun. 02, 2021

Modified: Nov. 21, 2024
4.7

MEDIUM

CVE-2021-3521

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer ...

Affected Products : rpm
Published: Aug. 22, 2022

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-3520

There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The gre...

Affected Products : zfs_storage_appliance_kit active_iq_unified_manager ontap_select_deploy_administration_utility cloud_backup communications_cloud_native_core_policy universal_forwarder lz4
Published: Jun. 02, 2021

Modified: Nov. 21, 2024
6.9

MEDIUM

CVE-2021-3519

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes....

Affected Products : windows_10 thinkstation_p520_firmware thinkstation_p520c_firmware thinkstation_p720_firmware thinkstation_p920_firmware thinkcentre_m710s_firmware thinkcentre_m710t_firmware thinkcentre_m710e_firmware thinkcentre_m810z_firmware thinkcentre_m820z_firmware +109 more products
Published: Nov. 12, 2021

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2021-3518

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity...

Affected Products : enterprise_linux fedora debian_linux active_iq_unified_manager ontap_select_deploy_administration_utility peoplesoft_enterprise_peopletools libxml2 clustered_data_ontap enterprise_manager_ops_center real_user_experience_insight +10 more products
Published: May. 18, 2021

Modified: Nov. 21, 2024
8.6

HIGH

CVE-2021-3517

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bou...

Affected Products : enterprise_linux fedora zfs_storage_appliance_kit debian_linux active_iq_unified_manager ontap_select_deploy_administration_utility hci_management_node solidfire peoplesoft_enterprise_peopletools libxml2 +20 more products
Published: May. 19, 2021

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2021-3516

There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability....

Affected Products : enterprise_linux fedora zfs_storage_appliance_kit debian_linux ontap_select_deploy_administration_utility libxml2 clustered_data_ontap jboss_core_services clustered_data_ontap_antivirus_connector xmllint
Published: Jun. 01, 2021

Modified: Nov. 21, 2024
7.2

HIGH

CVE-2021-3515

A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pgl...

Affected Products : pglogical
Published: Jun. 01, 2021

Modified: Nov. 21, 2024
6.5

MEDIUM

CVE-2021-3514

When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash....

Affected Products : 389_directory_server 389-ds-base
Published: May. 28, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-3513

A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to con...

Affected Products : keycloak single_sign-on
Published: Aug. 22, 2022

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2021-3512

Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99...

Affected Products : wzr-300hp_firmware wzr-450hp_firmware wzr-600dhp_firmware hw-450hp-zwe_firmware wzr-450hp-cwt_firmware wzr-450hp-ub_firmware wzr-d1100h_firmware whr-hp-g300n_firmware whr-hp-gn_firmware wpl-05g300_firmware +38 more products
Published: Apr. 28, 2021

Modified: Nov. 21, 2024
4.3

MEDIUM

CVE-2021-3511

Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 ...

Affected Products : wzr-300hp_firmware wzr-450hp_firmware wzr-600dhp_firmware hw-450hp-zwe_firmware wzr-450hp-cwt_firmware wzr-450hp-ub_firmware wzr-d1100h_firmware whr-hp-g300n_firmware whr-hp-gn_firmware wpl-05g300_firmware +38 more products
Published: Apr. 28, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-3510

Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/...

Affected Products : zephyr
Published: Oct. 05, 2021

Modified: Nov. 21, 2024

Showing 20 of 292803 Results

Browse by Apps

Latest CVE Feed

5.3

7.5

7.1

8.8

5.5

6.5

7.5

5.5

4.7

9.8

6.9

8.8

8.6

7.8

7.2

6.5

7.5

8.8

4.3

7.5

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable