Search Results (35015 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0109 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. | ||||
| CVE-2022-0097 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 9.6 Critical |
| Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially allow extension to escape the sandbox via a crafted HTML page. | ||||
| CVE-2021-4326 | 1 Linuxfoundation | 1 Zowe | 2024-11-21 | 3.3 Low |
| A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI. | ||||
| CVE-2021-4210 | 1 Lenovo | 64 A540-24icb, A540-24icb Firmware, A540-27icb and 61 more | 2024-11-21 | 6.7 Medium |
| A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
| CVE-2021-4191 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API. | ||||
| CVE-2021-4171 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 9.8 Critical |
| calibre-web is vulnerable to Business Logic Errors | ||||
| CVE-2021-4160 | 4 Debian, Openssl, Oracle and 1 more | 8 Debian Linux, Openssl, Enterprise Manager Ops Center and 5 more | 2024-11-21 | 5.9 Medium |
| There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb). | ||||
| CVE-2021-4146 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 4.3 Medium |
| Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6. | ||||
| CVE-2021-4138 | 1 Mozilla | 1 Geckodriver | 2024-11-21 | 5.3 Medium |
| Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname. | ||||
| CVE-2021-4076 | 1 Tang Project | 1 Tang | 2024-11-21 | 7.5 High |
| A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys. | ||||
| CVE-2021-4054 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 6.5 Medium |
| Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | ||||
| CVE-2021-4047 | 1 Redhat | 1 Openshift | 2024-11-21 | 7.5 High |
| The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9. | ||||
| CVE-2021-4023 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-11-21 | 5.5 Medium |
| A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with permissions to execute io-uring requests to possibly crash the system. | ||||
| CVE-2021-46899 | 1 Antonymale | 1 Synctrayzor | 2024-11-21 | 7.8 High |
| SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) remote debugging, allowing a local attacker to control the application. | ||||
| CVE-2021-46895 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.1 Critical |
| Vulnerability of defects introduced in the design process in the Multi-Device Task Center. Successful exploitation of this vulnerability will cause the hopped app to bypass the app lock and reset the device that initiates the hop. | ||||
| CVE-2021-46893 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of unstrict data verification and parameter check. Successful exploitation of this vulnerability may affect integrity. | ||||
| CVE-2021-46892 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Encryption bypass vulnerability in Maintenance mode. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2021-46836 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2021-46812 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this vulnerability may affect data integrity. | ||||
| CVE-2021-46789 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 7.5 High |
| Configuration defects in the secure OS module. Successful exploitation of this vulnerability can affect availability. | ||||