Latest CVE Feed
-
4.9
MEDIUMCVE-2021-3463
A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.... Read more
Affected Products : thinkpad_e480 thinkpad_e580 thinkpad_l380 thinkpad_l380_yoga thinkpad_l480 thinkpad_l580 thinkpad_p51 thinkpad_p51s thinkpad_p52 thinkpad_p52s +115 more products- Published: Apr. 13, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-3462
A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.... Read more
Affected Products : thinkpad_e480 thinkpad_e580 thinkpad_l380 thinkpad_l380_yoga thinkpad_l480 thinkpad_l580 thinkpad_p51 thinkpad_p51s thinkpad_p52 thinkpad_p52s +115 more products- Published: Apr. 13, 2021
- Modified: Nov. 21, 2024
-
7.1
HIGHCVE-2021-3461
A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name].... Read more
- Published: Apr. 01, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-3460
The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.... Read more
- Published: Apr. 13, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-3459
A privilege escalation vulnerability was reported in the MM1000 device configuration web server, which could allow privileged shell access and/or arbitrary privileged commands to be executed on the adapter.... Read more
- Published: Aug. 17, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-3458
The Motorola MM1000 device configuration portal can be accessed without authentication, which could allow adapter settings to be modified.... Read more
- Published: Aug. 17, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-3457
An improper authorization handling flaw was found in Foreman. The Shellhooks plugin for the smart-proxy allows Foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and ... Read more
Affected Products : smart_proxy_shell_hooks- Published: May. 12, 2021
- Modified: Nov. 21, 2024
-
7.1
HIGHCVE-2021-3456
An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete... Read more
Affected Products : smart_proxy_salt- Published: Mar. 30, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-3455
Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp... Read more
Affected Products : zephyr- Published: Oct. 19, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-3454
Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zep... Read more
Affected Products : zephyr- Published: Oct. 19, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2021-3453
Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.... Read more
- Published: Jul. 16, 2021
- Modified: Nov. 21, 2024
-
6.7
MEDIUMCVE-2021-3452
A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.... Read more
Affected Products : thinkpad_l380 thinkpad_l380_yoga thinkpad_x380_yoga thinkpad_yoga_370 bios thinkpad_t460 thinkpad_x260 thinkpad_e14_gen_2 thinkpad_e15_gen_2 thinkpad_l14 +17 more products- Published: Jul. 16, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-3451
A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow configuration files to be written to non-standard locations.... Read more
Affected Products : pcmanager- Published: Apr. 27, 2021
- Modified: Nov. 21, 2024
-
7.4
HIGHCVE-2021-3450
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encod... Read more
- Published: Mar. 25, 2021
- Modified: Nov. 21, 2024
-
5.9
MEDIUMCVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes ... Read more
- Published: Mar. 25, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-3448
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, on... Read more
- Published: Apr. 08, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-3447
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were n... Read more
- Published: Apr. 01, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-3446
A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the las... Read more
- Published: Mar. 25, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-3445
A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing ... Read more
- Published: May. 19, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-3444
The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory ... Read more
- Published: Mar. 23, 2021
- Modified: Nov. 21, 2024