Export limit exceeded: 362832 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 85319 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (85319 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-3551 4 Dogtagpki, Fedoraproject, Oracle and 1 more 12 Dogtagpki, Fedora, Linux and 9 more 2024-11-21 7.8 High
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.
CVE-2021-3550 1 Lenovo 1 Pcmanager 2024-11-21 7.8 High
A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.500.5102, that could allow privilege escalation.
CVE-2021-3548 1 Dmg2img Project 1 Dmg2img 2024-11-21 7.1 High
A flaw was found in dmg2img through 20170502. dmg2img did not validate the size of the read buffer during memcpy() inside the main() function. This possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution.
CVE-2021-3547 1 Openvpn 1 Openvpn 2024-11-21 7.4 High
OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.
CVE-2021-3546 2 Debian, Qemu 2 Debian Linux, Qemu 2024-11-21 8.2 High
An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service condition, or potential code execution with the privileges of the QEMU process.
CVE-2021-3530 2 Gnu, Netapp 2 Binutils, Ontap Select Deploy Administration Utility 2024-11-21 7.5 High
A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.
CVE-2021-3529 1 Redhat 3 Noobaa-operator, Openshift Container Platform, Openshift Container Storage 2024-11-21 7.1 High
A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. The highest threat to the system is for confidentiality, availability, and integrity.
CVE-2021-3528 1 Redhat 2 Noobaa-operator, Openshift Container Storage 2024-11-21 8.8 High
A flaw was found in noobaa-operator in versions before 5.7.0, where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the log files could use this AuthToken to gain additional access into noobaa deployment and can read/modify system configuration.
CVE-2021-3523 1 Redhat 1 Apicast 2024-11-21 7.5 High
A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address.
CVE-2021-3518 6 Debian, Fedoraproject, Netapp and 3 more 20 Debian Linux, Fedora, Active Iq Unified Manager and 17 more 2024-11-21 8.8 High
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
CVE-2021-3516 6 Debian, Fedoraproject, Netapp and 3 more 10 Debian Linux, Fedora, Clustered Data Ontap and 7 more 2024-11-21 7.8 High
There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.
CVE-2021-3513 1 Redhat 2 Keycloak, Red Hat Single Sign On 2024-11-21 7.5 High
A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality.
CVE-2021-3512 1 Buffalo 48 Bhr-4grv, Bhr-4grv Firmware, Dwr-hp-g300nh and 45 more 2024-11-21 8.8 High
Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to bypass access restriction and to start telnet service and execute arbitrary OS commands with root privileges via unspecified vectors.
CVE-2021-3510 1 Zephyrproject 1 Zephyr 2024-11-21 7.5 High
Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4
CVE-2021-3506 3 Debian, Linux, Netapp 20 Debian Linux, Linux Kernel, Cloud Backup and 17 more 2024-11-21 7.1 High
An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
CVE-2021-3501 4 Fedoraproject, Linux, Netapp and 1 more 28 Fedora, Linux Kernel, Cloud Backup and 25 more 2024-11-21 7.1 High
A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability.
CVE-2021-3500 2 Debian, Djvulibre Project 2 Debian Linux, Djvulibre 2024-11-21 7.8 High
A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in function DJVU::DjVuDocument::get_djvu_file() via crafted djvu file may lead to application crash and other consequences.
CVE-2021-3496 1 Jhead Project 1 Jhead 2024-11-21 7.8 High
A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file.
CVE-2021-3495 2 Netlify, Redhat 3 Kiali-operator, Openshift Service Mesh, Service Mesh 2024-11-21 8.8 High
An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. This flaw allows an attacker with a basic level of access to the cluster (to deploy a kiali operand) to use this vulnerability and deploy a given image to anywhere in the cluster, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-3492 1 Canonical 1 Ubuntu Linux 2024-11-21 8.8 High
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562.