Export limit exceeded: 362832 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (85319 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-3612 6 Debian, Fedoraproject, Linux and 3 more 26 Debian Linux, Fedora, Linux Kernel and 23 more 2024-11-21 7.8 High
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2021-3609 3 Linux, Netapp, Redhat 46 Linux Kernel, H300e, H300e Firmware and 43 more 2024-11-21 7.0 High
.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.
CVE-2021-3606 2 Microsoft, Openvpn 2 Windows, Openvpn 2024-11-21 7.8 High
OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe).
CVE-2021-3603 2 Fedoraproject, Phpmailer Project 2 Fedora, Phpmailer 2024-11-21 8.1 High
PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validator function names.
CVE-2021-3600 4 Canonical, Fedoraproject, Linux and 1 more 4 Ubuntu Linux, Fedora, Linux Kernel and 1 more 2024-11-21 7.8 High
It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.
CVE-2021-3590 2 Redhat, Theforeman 2 Satellite, Foreman 2024-11-21 8.8 High
A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-3589 2 Redhat, Theforeman 2 Satellite, Foreman Ansible 2024-11-21 8.0 High
An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-3584 2 Redhat, Theforeman 4 Satellite, Satellite Capsule, Satellite Utils and 1 more 2024-11-21 7.2 High
A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0.
CVE-2021-3583 1 Redhat 3 Ansible Automation Platform, Ansible Engine, Ansible Tower 2024-11-21 7.1 High
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.
CVE-2021-3581 1 Zephyrproject 1 Zephyr 2024-11-21 7 High
Buffer Access with Incorrect Length Value in zephyr. Zephyr versions >= >=2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5
CVE-2021-3580 4 Debian, Netapp, Nettle Project and 1 more 4 Debian Linux, Ontap Select Deploy Administration Utility, Nettle and 1 more 2024-11-21 7.5 High
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.
CVE-2021-3579 1 Bitdefender 2 Endpoint Security Tools, Total Security 2024-11-21 7.8 High
Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 7.2.1.65.
CVE-2021-3578 3 Debian, Fedoraproject, Isync Project 3 Debian Linux, Fedora, Isync 2024-11-21 7.8 High
A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.
CVE-2021-3577 1 Binatoneglobal 42 Cn28, Cn28 Firmware, Cn40 and 39 more 2024-11-21 8.8 High
An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device.
CVE-2021-3576 1 Bitdefender 2 Endpoint Security Tools, Total Security 2024-11-21 7.8 High
Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client's security context. This issue affects: Bitdefender Endpoint Security Tools versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 25.0.26.
CVE-2021-3571 3 Fedoraproject, Linuxptp Project, Redhat 3 Fedora, Linuxptp, Enterprise Linux 2024-11-21 7.1 High
A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1.
CVE-2021-3570 4 Debian, Fedoraproject, Linuxptp Project and 1 more 8 Debian Linux, Fedora, Linuxptp and 5 more 2024-11-21 8.8 High
A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.
CVE-2021-3567 1 Gnome 1 Caribou 2024-11-21 7.5 High
A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this flaw to bypass screen-locking applications that leverage Caribou as an input mechanism. The highest threat from this vulnerability is to system availability.
CVE-2021-3561 3 Debian, Fedoraproject, Fig2dev Project 3 Debian Linux, Fedora, Fig2dev 2024-11-21 7.1 High
An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.
CVE-2021-3555 1 Eufylife 4 Solo Indoorcam C24, Solo Indoorcam C24 Firmware, Solo Indoorcam P24 and 1 more 2024-11-21 7.6 High
A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution. This issue affects: Eufy Indoor 2K Indoor Camera 2.0.9.3 version and prior versions.