Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.3

    LOW
    CVE-2021-40089

    An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the System Configuration setting Enable External Script Acce... Read more

    Affected Products : ejbca
    • Published: Aug. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-40088

    An issue was discovered in PrimeKey EJBCA before 7.6.0. CMP RA Mode can be configured to use a known client certificate to authenticate enrolling clients. The same RA client certificate is used for revocation requests as well. While enrollment enforces mu... Read more

    Affected Products : ejbca
    • Published: Aug. 25, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-40087

    An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log (that can only be ... Read more

    Affected Products : ejbca
    • Published: Aug. 25, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-40086

    An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page (that can only be viewed by an administrator). While hidden from dir... Read more

    Affected Products : ejbca
    • Published: Aug. 25, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-40085

    An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.... Read more

    Affected Products : debian_linux neutron smart_vms
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-40084

    opensysusers through 0.6 does not safely use eval on files in sysusers.d that may contain shell metacharacters. For example, it allows command execution via a crafted GECOS field whereas systemd-sysusers (a program with the same specification) does not do... Read more

    Affected Products : opensysusers
    • Published: Aug. 25, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-40083

    Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof).... Read more

    Affected Products : knot_resolver
    • Published: Aug. 25, 2021
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-40067

    The access controls on the Mobility read-write API improperly validate user access permissions; this API is disabled by default. If the API is manually enabled, attackers with both network access to the API and valid credentials can read and write data to... Read more

    Affected Products : mobility
    • Published: Sep. 16, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-40066

    The access controls on the Mobility read-only API improperly validate user access permissions. Attackers with both network access to the API and valid credentials can read data from it; regardless of access control group membership settings. This vulnerab... Read more

    Affected Products : mobility
    • Published: Sep. 16, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-40065

    The communication module has a service logic error vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.... Read more

    Affected Products : emui harmonyos magic_ui
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-40064

    There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of this vulnerability may affect system stability.... Read more

    Affected Products : emui harmonyos magic_ui
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-40063

    There is an improper access control vulnerability in the video module. Successful exploitation of this vulnerability may affect confidentiality.... Read more

    Affected Products : emui harmonyos magic_ui
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-40062

    There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : emui magic_ui
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-40061

    There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. Successful exploitation of this vulnerability may affect integrity.... Read more

    Affected Products : emui harmonyos magic_ui
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-40060

    There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : emui magic_ui
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-40059

    There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect confidentiality.... Read more

    Affected Products : emui magic_ui
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-40058

    There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : emui magic_ui
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-40057

    There is a heap-based and stack-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : emui magic_ui
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-40056

    There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : emui magic_ui
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-40055

    There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity.... Read more

    Affected Products : emui harmonyos magic_ui
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293425 Results