Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2021-3476

    A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.... Read more

    Affected Products : debian_linux openexr
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-3475

    There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.... Read more

    Affected Products : debian_linux openexr
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-3474

    There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.... Read more

    Affected Products : debian_linux openexr
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-3473

    An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore... Read more

    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-3472

    A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system... Read more

    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-3470

    A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not a... Read more

    Affected Products : redis redis
    • Published: Mar. 31, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-3469

    Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if product enable the Puppet Certificate authority (CA) to sign certificate requests that ha... Read more

    Affected Products : foreman
    • Published: Jun. 03, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-3468

    A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. Th... Read more

    Affected Products : debian_linux avahi
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-3467

    A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash wh... Read more

    Affected Products : fedora jasper
    • Published: Mar. 25, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-3466

    A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulner... Read more

    Affected Products : enterprise_linux fedora libmicrohttpd
    • Published: Mar. 25, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-3464

    A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow privilege escalation.... Read more

    Affected Products : pcmanager
    • Published: Apr. 27, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-3463

    A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.... Read more

    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-3462

    A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.... Read more

    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-3461

    A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name].... Read more

    Affected Products : keycloak single_sign-on
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3460

    The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.... Read more

    Affected Products : mh702x_firmware mh702x
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-3459

    A privilege escalation vulnerability was reported in the MM1000 device configuration web server, which could allow privileged shell access and/or arbitrary privileged commands to be executed on the adapter.... Read more

    Affected Products : mm1000_firmware mm1000
    • Published: Aug. 17, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-3458

    The Motorola MM1000 device configuration portal can be accessed without authentication, which could allow adapter settings to be modified.... Read more

    Affected Products : mm1000_firmware mm1000
    • Published: Aug. 17, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-3457

    An improper authorization handling flaw was found in Foreman. The Shellhooks plugin for the smart-proxy allows Foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and ... Read more

    Affected Products : smart_proxy_shell_hooks
    • Published: May. 12, 2021
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-3456

    An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete... Read more

    Affected Products : smart_proxy_salt
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-3455

    Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp... Read more

    Affected Products : zephyr
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292834 Results