Total
12593 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40120 | 1 Cisco | 8 Application Extension Platform, Ios Xr, Rv016 and 5 more | 2024-11-21 | 6.5 Medium |
| A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system and execute them using root-level privileges. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to a specific field in the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as a user with root-level privileges. | ||||
| CVE-2021-40085 | 3 Debian, Openstack, Redhat | 3 Debian Linux, Neutron, Openstack | 2024-11-21 | 6.5 Medium |
| An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value. | ||||
| CVE-2021-40017 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.8 Critical |
| The HW_KEYMASTER module lacks the validity check of the key format. Successful exploitation of this vulnerability may result in out-of-bounds memory access. | ||||
| CVE-2021-3970 | 1 Lenovo | 210 Ideapad 3-14ada05, Ideapad 3-14ada05 Firmware, Ideapad 3-14ada6 and 207 more | 2024-11-21 | 6.7 Medium |
| A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
| CVE-2021-3943 | 1 Moodle | 1 Moodle | 2024-11-21 | 9.8 Critical |
| A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified. | ||||
| CVE-2021-3911 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2024-11-21 | 4.2 Medium |
| If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash. | ||||
| CVE-2021-3910 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2024-11-21 | 4.4 Medium |
| OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\0) character). | ||||
| CVE-2021-3907 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2024-11-21 | 7.4 High |
| OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on. | ||||
| CVE-2021-3843 | 1 Lenovo | 59 Thinkpad 11e 3rd Gen, Thinkpad 11e 3rd Gen Firmware, Thinkpad 11e 4th Gen Celeron and 56 more | 2024-11-21 | 6.7 Medium |
| A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
| CVE-2021-3802 | 3 Fedoraproject, Redhat, Udisks Project | 3 Fedora, Enterprise Linux, Udisks | 2024-11-21 | 4.2 Medium |
| A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3786 | 1 Lenovo | 266 Ideapad S940-14iwl, Ideapad S940-14iwl Firmware, Ideapad Yoga S940-14iwl and 263 more | 2024-11-21 | 4.4 Medium |
| A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range. | ||||
| CVE-2021-3781 | 2 Artifex, Fedoraproject | 2 Ghostscript, Fedora | 2024-11-21 | 9.9 Critical |
| A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | ||||
| CVE-2021-3754 | 1 Redhat | 2 Keycloak, Single Sign-on | 2024-11-21 | 5.3 Medium |
| A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password. | ||||
| CVE-2021-3719 | 1 Lenovo | 40 Thinkcentre E93, Thinkcentre E93 Firmware, Thinkcentre M4500q and 37 more | 2024-11-21 | 6.7 Medium |
| A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
| CVE-2021-3675 | 1 Synaptics | 1 Fingerprint Driver | 2024-11-21 | 5.5 Medium |
| Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.1.xxx.26 versions prior to xxx=340 on x86/64; 5.2.xxxx.26 versions prior to xxxx=3541 on x86/64; 5.2.2xx.26 versions prior to xx=29 on x86/64; 5.2.3xx.26 versions prior to xx=25 on x86/64; 5.3.xxxx.26 versions prior to xxxx=3543 on x86/64; 5.5.xx.1058 versions prior to xx=44 on x86/64; 5.5.xx.1102 versions prior to xx=34 on x86/64; 5.5.xx.1116 versions prior to xx=14 on x86/64; 6.0.xx.1104 versions prior to xx=50 on x86/64; 6.0.xx.1108 versions prior to xx=31 on x86/64; 6.0.xx.1111 versions prior to xx=58 on x86/64. | ||||
| CVE-2021-3673 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 7.5 High |
| A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS. | ||||
| CVE-2021-3664 | 1 Url-parse Project | 1 Url-parse | 2024-11-21 | 5.3 Medium |
| url-parse is vulnerable to URL Redirection to Untrusted Site | ||||
| CVE-2021-3655 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 3.3 Low |
| A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. | ||||
| CVE-2021-3624 | 2 Dcraw Project, Debian | 2 Dcraw, Debian Linux | 2024-11-21 | 7.8 High |
| There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system. | ||||
| CVE-2021-3612 | 6 Debian, Fedoraproject, Linux and 3 more | 26 Debian Linux, Fedora, Linux Kernel and 23 more | 2024-11-21 | 7.8 High |
| An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | ||||