Latest CVE Feed
-
8.1
HIGH CVE-2021-3692
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator...
Affected Products : yii
- Published: Aug. 10, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-3690
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability....
- Published: Aug. 23, 2022
- Modified: Nov. 21, 2024
-
8.1
HIGH CVE-2021-3689
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator...
Affected Products : yii
- Published: Aug. 10, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUM CVE-2021-3688
A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or po...
Affected Products : jboss_core_services_httpd
- Published: Aug. 26, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2021-3684
A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull con...
- Published: Mar. 24, 2023
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-3683
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)...
Affected Products : showdoc
- Published: Nov. 13, 2021
- Modified: Nov. 21, 2024
-
8.5
HIGH CVE-2021-3682
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to ...
- Published: Aug. 05, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2021-3681
A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the ``build_ignore`` list in "galaxy.yml" include files in the ``.tar.gz`` file. This contains ...
- Published: Apr. 18, 2022
- Modified: Nov. 21, 2024
-
5.3
MEDIUM CVE-2021-3680
showdoc is vulnerable to Missing Cryptographic Step...
Affected Products : showdoc
- Published: Aug. 04, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2021-3679
A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to st...
- Published: Aug. 05, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-3678
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)...
Affected Products : showdoc
- Published: Aug. 04, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-3677
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. I...
- Published: Mar. 02, 2022
- Modified: Nov. 21, 2024
-
7.1
HIGH CVE-2021-3675
Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5....
Affected Products : fingerprint_driver
- Published: Jun. 16, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-3673
A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS....
- Published: Aug. 02, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUM CVE-2021-3672
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerabili...
- Published: Nov. 23, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-3671
A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server....
- Published: Oct. 12, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2021-3669
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS....
Affected Products : linux_kernel enterprise_linux fedora debian_linux enterprise_linux_server_aus enterprise_linux_server_tus spectrum_protect_plus openshift_container_platform enterprise_linux_eus virtualization_host +14 more products
- Published: Aug. 26, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-3666
body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')...
Affected Products : xml_body_parser
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUM CVE-2021-3664
url-parse is vulnerable to URL Redirection to Untrusted Site...
Affected Products : url-parse
- Published: Jul. 26, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-3663
firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts...
Affected Products : firefly_iii
- Published: Jul. 25, 2021
- Modified: Nov. 21, 2024