Export limit exceeded: 43159 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 25134 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25134 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-4219 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 5.5 Medium |
| A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system. | ||||
| CVE-2021-4212 | 1 Lenovo | 124 C340-14iml, C340-14iml Firmware, C340-15iml and 121 more | 2024-11-21 | 6.7 Medium |
| A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
| CVE-2021-4211 | 1 Lenovo | 106 A340-22icb, A340-22icb Firmware, A340-22ick and 103 more | 2024-11-21 | 6.7 Medium |
| A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
| CVE-2021-4210 | 1 Lenovo | 64 A540-24icb, A540-24icb Firmware, A540-27icb and 61 more | 2024-11-21 | 6.7 Medium |
| A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
| CVE-2021-4204 | 4 Debian, Linux, Netapp and 1 more | 15 Debian Linux, Linux Kernel, H300s and 12 more | 2024-11-21 | 7.1 High |
| An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information. | ||||
| CVE-2021-4183 | 3 Fedoraproject, Oracle, Wireshark | 4 Fedora, Http Server, Zfs Storage Appliance Kit and 1 more | 2024-11-21 | 5.5 Medium |
| Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file | ||||
| CVE-2021-4180 | 2 Openstack, Redhat | 2 Tripleo Heat Templates, Openstack | 2024-11-21 | 4.3 Medium |
| An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1. | ||||
| CVE-2021-4177 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 5.3 Medium |
| livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information | ||||
| CVE-2021-4159 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 4.4 Medium |
| A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. | ||||
| CVE-2021-4138 | 1 Mozilla | 1 Geckodriver | 2024-11-21 | 5.3 Medium |
| Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname. | ||||
| CVE-2021-4135 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 5.5 Medium |
| A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data. | ||||
| CVE-2021-4125 | 1 Redhat | 1 Openshift | 2024-11-21 | 8.1 High |
| It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6. | ||||
| CVE-2021-4120 | 2 Canonical, Fedoraproject | 3 Snapd, Ubuntu Linux, Fedora | 2024-11-21 | 8.2 High |
| snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 | ||||
| CVE-2021-4117 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-11-21 | 4.3 Medium |
| yetiforcecrm is vulnerable to Business Logic Errors | ||||
| CVE-2021-4111 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-11-21 | 4.3 Medium |
| yetiforcecrm is vulnerable to Business Logic Errors | ||||
| CVE-2021-4104 | 4 Apache, Fedoraproject, Oracle and 1 more | 59 Log4j, Fedora, Advanced Supply Chain Planning and 56 more | 2024-11-21 | 7.5 High |
| JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | ||||
| CVE-2021-4076 | 1 Tang Project | 1 Tang | 2024-11-21 | 7.5 High |
| A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys. | ||||
| CVE-2021-4059 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 6.5 Medium |
| Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2021-4047 | 1 Redhat | 1 Openshift | 2024-11-21 | 7.5 High |
| The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9. | ||||
| CVE-2021-4041 | 1 Redhat | 2 Ansible Automation Platform, Ansible Runner | 2024-11-21 | 7.8 High |
| A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual environment. | ||||