Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2021-22565

    An attacker could prematurely expire a verification code, making it unusable by the patient, making the patient unable to upload their TEKs to generate exposure notifications. We recommend upgrading the Exposure Notification server to V1.1.2 or greater....

    • EPSS Score: %0.16
    • Published: Dec. 09, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-22564

    For certain valid JPEG XL images with a size slightly larger than an integer number of groups (256x256 pixels) when processing the groups out of order the decoder can perform an out of bounds copy of image pixels from an image buffer in the heap to anothe...

    Affected Products : libjxl
    • EPSS Score: %0.04
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024
  • 4.5

    MEDIUM
    CVE-2021-22563

    Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector<std::vector<T>> when rendering splines. The OOB read access can either lead to a segfault, or rendering splines based on other process memory. It is recommended to upgr...

    Affected Products : libjxl
    • EPSS Score: %0.04
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-22557

    SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173...

    Affected Products : slo_generator
    • EPSS Score: %0.54
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-22556

    The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to k...

    Affected Products : fuchsia
    • EPSS Score: %0.02
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024
  • 8.3

    HIGH
    CVE-2021-22555

    A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space...

    • EPSS Score: %82.42
    • Published: Jul. 07, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-22553

    Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recom...

    Affected Products : gerrit
    • EPSS Score: %0.15
    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-22552

    An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. This can allow the attacker to read memory from within the ...

    Affected Products : asylo
    • EPSS Score: %0.02
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-22550

    An attacker can modify the pointers in enclave memory to overwrite arbitrary memory addresses within the secure enclave. It is recommended to update past 0.6.3 or git commit https://github.com/google/asylo/commit/a47ef55db2337d29de19c50cd29b0deb2871d31c...

    Affected Products : asylo
    • EPSS Score: %0.02
    • Published: Jun. 08, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-22549

    An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c...

    Affected Products : asylo
    • EPSS Score: %0.02
    • Published: Jun. 08, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-22548

    An attacker can change the pointer to untrusted memory to point to trusted memory region which causes copying trusted memory to trusted memory, if the latter is later copied out, it allows for reading of memory regions from the trusted region. It is recom...

    Affected Products : asylo
    • EPSS Score: %0.02
    • Published: Jun. 08, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-22547

    In IoT Devices SDK, there is an implementation of calloc() that doesn't have a length check. An attacker could pass in memory objects larger than the buffer and wrap around to have a smaller buffer than required, allowing the attacker access to the other ...

    • EPSS Score: %0.03
    • Published: May. 04, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-22545

    An attacker can craft a specific IdaPro *.i64 file that will cause the BinDiff plugin to load an invalid memory offset. This can allow the attacker to control the instruction pointer and execute arbitrary code. It is recommended to upgrade BinDiff 7...

    Affected Products : bindiff
    • EPSS Score: %0.06
    • Published: Jun. 29, 2021
    • Modified: Nov. 21, 2024
  • 8.7

    HIGH
    CVE-2021-22543

    An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM...

    • EPSS Score: %0.00
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-22540

    Bad validation logic in the Dart SDK versions prior to 2.12.3 allows an attacker to use an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags....

    Affected Products : dart_software_development_kit
    • EPSS Score: %0.36
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024
  • 8.2

    HIGH
    CVE-2021-22539

    An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As such the attacker is able to execute any executable on ...

    Affected Products : bazel
    • EPSS Score: %0.08
    • Published: Apr. 16, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-22538

    A privilege escalation vulnerability impacting the Google Exposure Notification Verification Server (versions prior to 0.23.1), allows an attacker who (1) has UserWrite permissions and (2) is using a carefully crafted request or malicious proxy, to create...

    • EPSS Score: %0.24
    • Published: Mar. 31, 2021
    • Modified: Nov. 21, 2024
  • 4.9

    MEDIUM
    CVE-2021-22535

    Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information disclosure....

    • EPSS Score: %0.23
    • Published: Sep. 28, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-22531

    A bug exists in the input parameter of Access Manager that allows the supply of invalid characters to trigger a cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0...

    Affected Products : access_manager
    • EPSS Score: %0.23
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024
  • 8.0

    HIGH
    CVE-2021-22528

    Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4...

    Affected Products : access_manager netiq_access_manager
    • EPSS Score: %0.36
    • Published: Sep. 13, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 290974 Results