Search Results (86091 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-4199 1 Bitdefender 4 Antivirus Plus, Endpoint Security Tools, Internet Security and 1 more 2024-11-21 7.8 High
Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.3.146.
CVE-2021-4197 6 Broadcom, Debian, Linux and 3 more 16 Brocade Fabric Operating System Firmware, Debian Linux, Linux Kernel and 13 more 2024-11-21 7.8 High
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.
CVE-2021-4192 5 Apple, Debian, Fedoraproject and 2 more 6 Mac Os X, Macos, Debian Linux and 3 more 2024-11-21 7.8 High
vim is vulnerable to Use After Free
CVE-2021-4188 1 Mruby 1 Mruby 2024-11-21 7.5 High
mruby is vulnerable to NULL Pointer Dereference
CVE-2021-4168 1 Showdoc 1 Showdoc 2024-11-21 8.8 High
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-4166 7 Apple, Debian, Fedoraproject and 4 more 8 Mac Os X, Macos, Debian Linux and 5 more 2024-11-21 7.1 High
vim is vulnerable to Out-of-bounds Read
CVE-2021-4164 1 Janeczku 1 Calibre-web 2024-11-21 8.8 High
calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-4157 5 Fedoraproject, Linux, Netapp and 2 more 18 Fedora, Linux Kernel, H300e and 15 more 2024-11-21 8.0 High
An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system.
CVE-2021-4154 3 Linux, Netapp, Redhat 6 Linux Kernel, Hci Baseboard Management Controller, Enterprise Linux and 3 more 2024-11-21 8.8 High
A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.
CVE-2021-4144 1 Tp-link 2 Tl-wr802n, Tl-wr802n Firmware 2024-11-21 8.8 High
TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection.
CVE-2021-4136 3 Apple, Fedoraproject, Vim 4 Mac Os X, Macos, Fedora and 1 more 2024-11-21 7.8 High
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-4133 1 Redhat 3 Keycloak, Red Hat Single Sign On, Rhosemc 2024-11-21 8.8 High
A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled.
CVE-2021-4131 1 Livehelperchat 1 Live Helper Chat 2024-11-21 8.8 High
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-4130 1 Snipeitapp 1 Snipe-it 2024-11-21 8.8 High
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-4125 1 Redhat 1 Openshift 2024-11-21 8.1 High
It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6.
CVE-2021-4120 2 Canonical, Fedoraproject 3 Snapd, Ubuntu Linux, Fedora 2024-11-21 8.2 High
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
CVE-2021-4118 1 Lightningai 1 Pytorch Lightning 2024-11-21 7.8 High
pytorch-lightning is vulnerable to Deserialization of Untrusted Data
CVE-2021-4112 1 Redhat 5 Ansible Automation Platform, Ansible Automation Platform Early Access, Ansible Automation Platform Text-only Advisories and 2 more 2024-11-21 8.8 High
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment.
CVE-2021-4110 1 Mruby 1 Mruby 2024-11-21 7.5 High
mruby is vulnerable to NULL Pointer Dereference
CVE-2021-4106 1 Snowsoftware 1 Snow Inventory Java Scanner 2024-11-21 7.8 High
A vulnerability in Snow Inventory Java Scanner allows an attacker to run malicious code at a higher level of privileges. This issue affects: SNOW Snow Inventory Java Scanner 1.0