Latest CVE Feed
-
5.5
MEDIUMCVE-2021-3620
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.... Read more
- Published: Mar. 03, 2022
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-3619
Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in ... Read more
Affected Products : velociraptor- Published: Jul. 22, 2021
- Modified: Nov. 21, 2024
-
7.4
HIGHCVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic a... Read more
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-3617
A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. This vulnerability is the same as CNVD-2020-68652.... Read more
- Published: Aug. 17, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-3616
A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. This vulnerability is the same as CNVD-2020-68651.... Read more
- Published: Aug. 17, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2021-3615
A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. This vulnerability is the same as CNVD-2021-45262.... Read more
- Published: Aug. 17, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2021-3614
A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage.... Read more
Affected Products : 100e_2nd_gen_firmware 300e_2nd_gen_firmware ideapad_1-11ada05_firmware ideapad_1-11igl05_firmware ideapad_1-14ada05_firmware ideapad_1-14igl05_firmware ideapad_s940-14iil_firmware ideapad_slim_1-14ast-05_firmware ideapad_slim_1-11ast-05_firmware v130-15ikb_firmware +32 more products- Published: Jul. 16, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-3613
OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVP... Read more
Affected Products : connect- Published: Jul. 02, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-3612
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges... Read more
Affected Products : linux_kernel enterprise_linux fedora debian_linux solidfire_baseboard_management_controller_firmware h410c_firmware cloud_backup h300s_firmware h500s_firmware h700s_firmware +16 more products- Published: Jul. 09, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-3611
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability ... Read more
- Published: May. 11, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-3610
A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault.... Read more
- Published: Feb. 24, 2022
- Modified: Nov. 21, 2024
-
7.0
HIGHCVE-2021-3609
.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel all... Read more
Affected Products : linux_kernel enterprise_linux_server_aus enterprise_linux_server_tus h410c_firmware openshift_container_platform enterprise_linux_eus h300s_firmware h500s_firmware h700s_firmware h410s_firmware +33 more products- Published: Mar. 03, 2022
- Modified: Nov. 21, 2024
-
6.0
MEDIUMCVE-2021-3608
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to th... Read more
- Published: Feb. 24, 2022
- Modified: Nov. 21, 2024
-
6.0
MEDIUMCVE-2021-3607
An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privi... Read more
- Published: Feb. 24, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-3606
OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (op... Read more
- Published: Jul. 02, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-3605
There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to applicatio... Read more
- Published: Aug. 25, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-3604
Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the data... Read more
Affected Products : secure_8- Published: Jun. 18, 2021
- Modified: Nov. 21, 2024
-
8.1
HIGHCVE-2021-3603
PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, ... Read more
- Published: Jun. 17, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-3602
An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in ... Read more
- Published: Mar. 03, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-3600
It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.... Read more
- Published: Jan. 08, 2024
- Modified: Nov. 21, 2024