Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2021-3491

    The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/<PID>/mem. This could be used to create a heap overflow leading ... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Jun. 04, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-3490

    The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue w... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Jun. 04, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-3489

    The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. Th... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Jun. 04, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-3486

    GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code.... Read more

    Affected Products : glpi
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024

  • 6.6

    MEDIUM
    CVE-2021-3485

    An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. This i... Read more

    Affected Products : endpoint_security_tools
    • Published: May. 24, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-3483

    A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confiden... Read more

    • Published: May. 17, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-3482

    A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious... Read more

    • Published: Apr. 08, 2021
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-3481

    A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an una... Read more

    Affected Products : qt
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-3480

    A flaw was found in slapi-nis in versions before 0.56.7. A NULL pointer dereference during the parsing of the Binding DN could allow an unauthenticated attacker to crash the 389-ds-base directory server. The highest threat from this vulnerability is to sy... Read more

    Affected Products : fedora slapi-nis
    • Published: May. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-3479

    There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.... Read more

    Affected Products : debian_linux openexr
    • Published: Mar. 31, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-3478

    There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availabi... Read more

    Affected Products : debian_linux openexr
    • Published: Mar. 31, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-3477

    There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The... Read more

    Affected Products : debian_linux openexr
    • Published: Mar. 31, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-3476

    A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.... Read more

    Affected Products : debian_linux openexr
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-3475

    There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.... Read more

    Affected Products : debian_linux openexr
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-3474

    There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.... Read more

    Affected Products : debian_linux openexr
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-3473

    An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore... Read more

    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-3472

    A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system... Read more

    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-3470

    A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not a... Read more

    Affected Products : redis redis
    • Published: Mar. 31, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-3469

    Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if product enable the Puppet Certificate authority (CA) to sign certificate requests that ha... Read more

    Affected Products : foreman
    • Published: Jun. 03, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-3468

    A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. Th... Read more

    Affected Products : debian_linux avahi
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292826 Results