Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

6.1

MEDIUM

CVE-2021-3457

An improper authorization handling flaw was found in Foreman. The Shellhooks plugin for the smart-proxy allows Foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and ...

Affected Products : smart_proxy_shell_hooks
Published: May. 12, 2021

Modified: Nov. 21, 2024
7.1

HIGH

CVE-2021-3456

An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete...

Affected Products : smart_proxy_salt
Published: Mar. 30, 2022

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-3455

Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp...

Affected Products : zephyr
Published: Oct. 19, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-3454

Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zep...

Affected Products : zephyr
Published: Oct. 19, 2021

Modified: Nov. 21, 2024
6.8

MEDIUM

CVE-2021-3453

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage....

Affected Products : 730s-13iml_firmware ideapad_1-11igl05_firmware ideapad_1-14igl05_firmware ideapad_s940-14iil_firmware yoga_s940-14iil_firmware ideapad_slim_1-14ast-05_firmware ideapad_slim_1-11ast-05_firmware yoga_s730-13iml_firmware v330-15ikb_firmware v330-15isk_firmware +33 more products
Published: Jul. 16, 2021

Modified: Nov. 21, 2024
6.7

MEDIUM

CVE-2021-3452

A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code....

Affected Products : thinkpad_l380 thinkpad_l380_yoga thinkpad_x380_yoga thinkpad_yoga_370 bios thinkpad_t460 thinkpad_x260 thinkpad_e14_gen_2 thinkpad_e15_gen_2 thinkpad_l14 +17 more products
Published: Jul. 16, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-3451

A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow configuration files to be written to non-standard locations....

Affected Products : pcmanager
Published: Apr. 27, 2021

Modified: Nov. 21, 2024
7.4

HIGH

CVE-2021-3450

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encod...

Affected Products : fedora ontap_select_deploy_administration_utility weblogic_server peoplesoft_enterprise_peopletools oncommand_workflow_automation openssl commerce_guided_search freebsd jd_edwards_enterpriseone_tools mysql_enterprise_monitor +26 more products
Published: Mar. 25, 2021

Modified: Nov. 21, 2024
5.9

MEDIUM

CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes ...

Affected Products : fedora zfs_storage_appliance_kit debian_linux active_iq_unified_manager ontap_select_deploy_administration_utility peoplesoft_enterprise_peopletools oncommand_insight oncommand_workflow_automation snapcenter openssl +157 more products
Published: Mar. 25, 2021

Modified: Nov. 21, 2024
4.3

MEDIUM

CVE-2021-3448

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, on...

Affected Products : enterprise_linux fedora communications_cloud_native_core_network_function_cloud_native_environment dnsmasq
Published: Apr. 08, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-3447

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were n...

Affected Products : fedora ansible_tower ansible
Published: Apr. 01, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-3446

A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the las...

Affected Products : enterprise_linux fedora libtpms
Published: Mar. 25, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-3445

A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing ...

Affected Products : enterprise_linux fedora libdnf
Published: May. 19, 2021

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2021-3444

The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory ...

Affected Products : linux_kernel ubuntu_linux debian_linux
Published: Mar. 23, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-3443

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened....

Affected Products : enterprise_linux fedora jasper
Published: Mar. 25, 2021

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2021-3442

A flaw was found in the Red Hat OpenShift API Management product. User input is not validated allowing an authenticated user to inject scripts into some text boxes leading to a XSS attack. The highest threat from this vulnerability is to data confidential...

Affected Products : openshift_api_management
Published: Aug. 22, 2022

Modified: Nov. 21, 2024
4.8

MEDIUM

CVE-2021-3441

A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinter that enables Cross-Site Scripting (XSS)....

Affected Products : officejet_7110_firmware officejet_7110
Published: Oct. 29, 2021

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2021-3440

HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege....

Affected Products : hp_smart
Published: Nov. 01, 2021

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2021-3438

A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege....

Affected Products : color_laser_150_4zb94a color_laser_150_4zb95a color_laser_mfp_170_4zb96a color_laser_mfp_170_4zb97a color_laser_mfp_170_6hu08a color_laser_mfp_170_6hu09a laser_100_209u7a laser_100_4zb79a laser_100_4zb80a laser_100_4zb81a +372 more products
Published: May. 20, 2021

Modified: Nov. 21, 2024
6.5

MEDIUM

CVE-2021-3436

BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more informa...

Affected Products : zephyr
Published: Oct. 05, 2021

Modified: Nov. 21, 2024

Showing 20 of 292817 Results

Browse by Apps

Latest CVE Feed

6.1

7.1

7.5

7.5

6.8

6.7

5.5

7.4

5.9

4.3

5.5

5.5

7.5

7.8

5.5

5.4

4.8

7.8

7.8

6.5

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable