Export limit exceeded: 43746 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43746 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3666 | 1 Xml Body Parser Project | 1 Xml Body Parser | 2024-11-21 | 9.8 Critical |
| body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | ||||
| CVE-2021-3660 | 2 Cockpit-project, Redhat | 2 Cockpit, Enterprise Linux | 2024-11-21 | 4.3 Medium |
| Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks. | ||||
| CVE-2021-3657 | 4 Debian, Fedoraproject, Isync Project and 1 more | 4 Debian Linux, Fedora, Isync and 1 more | 2024-11-21 | 9.8 Critical |
| A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution. | ||||
| CVE-2021-3649 | 1 Chatwoot | 1 Chatwoot | 2024-11-21 | 7.5 High |
| chatwoot is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3645 | 1 Merge Project | 1 Merge | 2024-11-21 | 9.8 Critical |
| merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | ||||
| CVE-2021-3635 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-11-21 | 4.4 Medium |
| A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands. | ||||
| CVE-2021-3625 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 9.6 Critical |
| Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363 | ||||
| CVE-2021-3624 | 2 Dcraw Project, Debian | 2 Dcraw, Debian Linux | 2024-11-21 | 7.8 High |
| There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system. | ||||
| CVE-2021-3612 | 6 Debian, Fedoraproject, Linux and 3 more | 26 Debian Linux, Fedora, Linux Kernel and 23 more | 2024-11-21 | 7.8 High |
| An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | ||||
| CVE-2021-3611 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0. | ||||
| CVE-2021-3607 | 3 Debian, Fedoraproject, Qemu | 3 Debian Linux, Fedora, Qemu | 2024-11-21 | 6.0 Medium |
| An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3605 | 3 Debian, Openexr, Redhat | 3 Debian Linux, Openexr, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. | ||||
| CVE-2021-3600 | 4 Canonical, Fedoraproject, Linux and 1 more | 4 Ubuntu Linux, Fedora, Linux Kernel and 1 more | 2024-11-21 | 7.8 High |
| It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code. | ||||
| CVE-2021-3598 | 3 Debian, Openexr, Redhat | 3 Debian Linux, Openexr, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. | ||||
| CVE-2021-3588 | 1 Bluez | 1 Bluez | 2024-11-21 | 3.3 Low |
| The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading. | ||||
| CVE-2021-3586 | 1 Redhat | 3 Openshift Service Mesh, Service Mesh, Servicemesh-operator | 2024-11-21 | 9.8 Critical |
| A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all ports on these resources from any pod. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2021-3582 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 6.5 Medium |
| A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_CMD_CREATE_MR" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3581 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7 High |
| Buffer Access with Incorrect Length Value in zephyr. Zephyr versions >= >=2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5 | ||||
| CVE-2021-3571 | 3 Fedoraproject, Linuxptp Project, Redhat | 3 Fedora, Linuxptp, Enterprise Linux | 2024-11-21 | 7.1 High |
| A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1. | ||||
| CVE-2021-3570 | 4 Debian, Fedoraproject, Linuxptp Project and 1 more | 8 Debian Linux, Fedora, Linuxptp and 5 more | 2024-11-21 | 8.8 High |
| A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1. | ||||