Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2021-28691

    Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed p... Read more

    • EPSS Score: %0.04
    • Published: Jun. 29, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-28690

    x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and pre... Read more

    Affected Products : xen
    • EPSS Score: %0.36
    • Published: Jun. 29, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-28689

    x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used, which is why Xen was able to use it to implement para... Read more

    Affected Products : xen
    • EPSS Score: %0.08
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-28688

    The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning u... Read more

    Affected Products : linux_kernel debian_linux
    • EPSS Score: %0.07
    • Published: Apr. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-28687

    HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Many internal data structures also require this initiali... Read more

    Affected Products : xen
    • EPSS Score: %0.04
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-28686

    AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to trigger a stack-based buffer overflow. This could enable low-privileged users to achieve Denial of Service via a DeviceIoControl.... Read more

    Affected Products : gputweak_ii
    • EPSS Score: %0.06
    • Published: Apr. 08, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-28685

    AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to interact directly with physical memory (by calling one of several driver routines that map physical memory into the virtual address space of the calling process... Read more

    Affected Products : gputweak_ii
    • EPSS Score: %0.04
    • Published: Apr. 08, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-28684

    The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network (via an XXE attack).... Read more

    Affected Products : powerarchiver
    • EPSS Score: %0.33
    • Published: Jun. 21, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-28683

    An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.... Read more

    Affected Products : envoy
    • EPSS Score: %0.12
    • Published: May. 20, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-28682

    An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable integer overflow in which a very large grpc-timeout value leads to unexpected timeout calculations.... Read more

    Affected Products : envoy
    • EPSS Score: %0.09
    • Published: May. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-28681

    Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connection when certificate verification failed. The PeerConnectionState was set to failed, but a user could ignore that and continue to use the PeerConnection. )A WebRTC implementation shouldn'... Read more

    Affected Products : webrtc webrtc
    • EPSS Score: %0.10
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2021-28680

    The devise_masquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise... Read more

    Affected Products : devise_masquerade
    • EPSS Score: %0.32
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-28678

    An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.... Read more

    Affected Products : fedora pillow
    • EPSS Score: %0.08
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-28677

    An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for ... Read more

    Affected Products : fedora pillow
    • EPSS Score: %0.22
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-28676

    An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.... Read more

    Affected Products : fedora pillow
    • EPSS Score: %0.30
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-28675

    An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.... Read more

    Affected Products : fedora pillow
    • EPSS Score: %0.09
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-28674

    The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. This occurs because node IDs are predictable (with increme... Read more

    Affected Products : orion_platform
    • EPSS Score: %0.37
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-28673

    Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 6515 before 65.61.23 and 65.59.11 (Bridge), VersaLink B400 before 37.61.23 and 37.59.01 (Bridge), B405 before 38.61.23 and 38.59.01 (Bridge), B600/B610 before 32.61.23 and 32.59.01 (Bridg... Read more

    • EPSS Score: %1.03
    • Published: Mar. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-28672

    Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridg... Read more

    • EPSS Score: %2.22
    • Published: Mar. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-28671

    Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridg... Read more

    • EPSS Score: %1.58
    • Published: Mar. 29, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291358 Results