Latest CVE Feed
-
7.4
HIGHCVE-2021-3713
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UA... Read more
- Published: Aug. 25, 2021
- Modified: Nov. 21, 2024
-
7.4
HIGHCVE-2021-3712
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string... Read more
- Published: Aug. 24, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-3711
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" par... Read more
- Published: Aug. 24, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-3710
An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior t... Read more
- Published: Oct. 01, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-3709
Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.2... Read more
- Published: Oct. 01, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-3708
D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3707, to execute any OS commands on the vulnerable device.... Read more
- Published: Aug. 16, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-3707
D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable d... Read more
- Published: Aug. 16, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-3706
adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag... Read more
Affected Products : web_interface- Published: Sep. 15, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2021-3705
Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow an unauthorized user to reconfigure, reset the device.... Read more
- Published: Nov. 01, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-3704
Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow a Denial of Service on the device.... Read more
- Published: Nov. 01, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-3703
It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless 1.16.0 and Serverless client kn 1.16.0. These have been fixed with Serverless 1.17.0.... Read more
Affected Products : openshift_serverless- Published: Aug. 26, 2022
- Modified: Nov. 21, 2024
-
6.3
MEDIUMCVE-2021-3702
A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner's private_data_dir the next time ans... Read more
Affected Products : ansible_runner- Published: Aug. 23, 2022
- Modified: Nov. 21, 2024
-
6.6
MEDIUMCVE-2021-3701
A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-r... Read more
Affected Products : ansible_runner- Published: Aug. 23, 2022
- Modified: Nov. 21, 2024
-
6.4
MEDIUMCVE-2021-3700
A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked... Read more
- Published: Feb. 24, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-3698
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certifica... Read more
- Published: Mar. 10, 2022
- Modified: Nov. 21, 2024
-
7.0
HIGHCVE-2021-3697
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a mali... Read more
Affected Products : enterprise_linux enterprise_linux_server_aus enterprise_linux_server_tus openshift_container_platform enterprise_linux_eus openshift developer_tools enterprise_linux_for_power_little_endian enterprise_linux_for_power_little_endian_eus enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions +2 more products- Published: Jul. 06, 2022
- Modified: Nov. 21, 2024
-
6.9
MEDIUMCVE-2021-3696
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker ... Read more
Affected Products : enterprise_linux enterprise_linux_server_aus enterprise_linux_server_tus ontap_select_deploy_administration_utility openshift_container_platform enterprise_linux_eus openshift developer_tools enterprise_linux_for_power_little_endian enterprise_linux_for_power_little_endian_eus +3 more products- Published: Jul. 06, 2022
- Modified: Nov. 21, 2024
-
4.5
MEDIUMCVE-2021-3695
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a h... Read more
- Published: Jul. 06, 2022
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2021-3694
LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.... Read more
- Published: Aug. 23, 2021
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2021-3693
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.... Read more
- Published: Aug. 23, 2021
- Modified: Nov. 21, 2024