Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.5

HIGH

CVE-2021-3523

A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address....

Affected Products : apicast
Published: Apr. 27, 2022

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-3522

GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags....

Affected Products : active_iq_unified_manager hci_management_node solidfire oncommand_insight oncommand_workflow_automation e-series_santricity_os_controller e-series_santricity_storage_manager e-series_santricity_web_services snapmanager openjdk +3 more products
Published: Jun. 02, 2021

Modified: Nov. 21, 2024
4.7

MEDIUM

CVE-2021-3521

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer ...

Affected Products : rpm
Published: Aug. 22, 2022

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-3520

There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The gre...

Affected Products : zfs_storage_appliance_kit active_iq_unified_manager ontap_select_deploy_administration_utility cloud_backup communications_cloud_native_core_policy universal_forwarder lz4
Published: Jun. 02, 2021

Modified: Nov. 21, 2024
6.9

MEDIUM

CVE-2021-3519

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes....

Affected Products : windows_10 thinkstation_p520_firmware thinkstation_p520c_firmware thinkstation_p720_firmware thinkstation_p920_firmware thinkcentre_m710s_firmware thinkcentre_m710t_firmware thinkcentre_m710e_firmware thinkcentre_m810z_firmware thinkcentre_m820z_firmware +109 more products
Published: Nov. 12, 2021

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2021-3518

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity...

Affected Products : enterprise_linux fedora debian_linux active_iq_unified_manager ontap_select_deploy_administration_utility peoplesoft_enterprise_peopletools libxml2 clustered_data_ontap enterprise_manager_ops_center real_user_experience_insight +10 more products
Published: May. 18, 2021

Modified: Nov. 21, 2024
8.6

HIGH

CVE-2021-3517

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bou...

Affected Products : enterprise_linux fedora zfs_storage_appliance_kit debian_linux active_iq_unified_manager ontap_select_deploy_administration_utility hci_management_node solidfire peoplesoft_enterprise_peopletools libxml2 +20 more products
Published: May. 19, 2021

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2021-3516

There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability....

Affected Products : enterprise_linux fedora zfs_storage_appliance_kit debian_linux ontap_select_deploy_administration_utility libxml2 clustered_data_ontap jboss_core_services clustered_data_ontap_antivirus_connector xmllint
Published: Jun. 01, 2021

Modified: Nov. 21, 2024
7.2

HIGH

CVE-2021-3515

A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pgl...

Affected Products : pglogical
Published: Jun. 01, 2021

Modified: Nov. 21, 2024
6.5

MEDIUM

CVE-2021-3514

When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash....

Affected Products : 389_directory_server 389-ds-base
Published: May. 28, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-3513

A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to con...

Affected Products : keycloak single_sign-on
Published: Aug. 22, 2022

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2021-3512

Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99...

Affected Products : wzr-300hp_firmware wzr-450hp_firmware wzr-600dhp_firmware hw-450hp-zwe_firmware wzr-450hp-cwt_firmware wzr-450hp-ub_firmware wzr-d1100h_firmware whr-hp-g300n_firmware whr-hp-gn_firmware wpl-05g300_firmware +38 more products
Published: Apr. 28, 2021

Modified: Nov. 21, 2024
4.3

MEDIUM

CVE-2021-3511

Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 ...

Affected Products : wzr-300hp_firmware wzr-450hp_firmware wzr-600dhp_firmware hw-450hp-zwe_firmware wzr-450hp-cwt_firmware wzr-450hp-ub_firmware wzr-d1100h_firmware whr-hp-g300n_firmware whr-hp-gn_firmware wpl-05g300_firmware +38 more products
Published: Apr. 28, 2021

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2021-3510

Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/...

Affected Products : zephyr
Published: Oct. 05, 2021

Modified: Nov. 21, 2024
6.1

MEDIUM

CVE-2021-3509

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation,...

Affected Products : ceph_storage
Published: May. 27, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-3508

A flaw was found in PDFResurrect in version 0.22b. There is an infinite loop in get_xref_linear_skipped() in pdf.c via a crafted PDF file....

Affected Products : pdfresurrect
Published: Apr. 28, 2021

Modified: Nov. 21, 2024
6.1

MEDIUM

CVE-2021-3507

A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged gu...

Affected Products : enterprise_linux debian_linux qemu
Published: May. 06, 2021

Modified: Nov. 21, 2024
7.1

HIGH

CVE-2021-3506

An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or ...

Affected Products : linux_kernel debian_linux solidfire_baseboard_management_controller_firmware h410c_firmware cloud_backup h300s_firmware h500s_firmware h700s_firmware h410s_firmware h300s +10 more products
Published: Apr. 19, 2021

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2021-3505

A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called befo...

Affected Products : enterprise_linux fedora libtpms
Published: Apr. 19, 2021

Modified: Nov. 21, 2024
5.8

MEDIUM

CVE-2021-3504

A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory bey...

Affected Products : enterprise_linux fedora debian_linux hivex
Published: May. 11, 2021

Modified: Nov. 21, 2024

Showing 20 of 293542 Results

Browse by Apps

Latest CVE Feed

7.5

5.5

4.7

9.8

6.9

8.8

8.6

7.8

7.2

6.5

7.5

8.8

4.3

7.5

6.1

5.5

6.1

7.1

5.5

5.8

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable