Search Results (364976 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-3783 1 Yourls 1 Yourls 2024-11-21 6.1 Medium
yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3781 2 Artifex, Fedoraproject 2 Ghostscript, Fedora 2024-11-21 9.9 Critical
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2021-3780 1 Framasoft 1 Peertube 2024-11-21 6.1 Medium
peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3779 1 Ruby-mysql Project 1 Ruby-mysql 2024-11-21 6.5 Medium
A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later.
CVE-2021-3778 5 Debian, Fedoraproject, Netapp and 2 more 5 Debian Linux, Fedora, Ontap Select Deploy Administration Utility and 2 more 2024-11-21 7.8 High
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3777 1 Tmpl Project 1 Tmpl 2024-11-21 7.5 High
nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity
CVE-2021-3776 1 Showdoc 1 Showdoc 2024-11-21 5.4 Medium
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3775 1 Showdoc 1 Showdoc 2024-11-21 5.4 Medium
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3772 5 Debian, Linux, Netapp and 2 more 26 Debian Linux, Linux Kernel, E-series Santricity Os Controller and 23 more 2024-11-21 6.5 Medium
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.
CVE-2021-3770 3 Fedoraproject, Netapp, Vim 3 Fedora, Ontap Select Deploy Administration Utility, Vim 2024-11-21 7.8 High
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3769 1 Planetargon 1 Oh My Zsh 2024-11-21 7.5 High
# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability can be exploited. **Fixed in**: [b3ba9978](https://github.com/ohmyzsh/ohmyzsh/commit/b3ba9978). **Impacted areas**: - `pygmalion` theme. - `pygmalion-virtualenv` theme. - `refined` theme.
CVE-2021-3768 1 Bookstackapp 1 Bookstack 2024-11-21 5.4 Medium
bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3767 1 Bookstackapp 1 Bookstack 2024-11-21 5.4 Medium
bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3766 1 Objection Project 1 Objection 2024-11-21 9.8 Critical
objection.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-3765 2 Redhat, Validator Project 2 Openshift Data Foundation, Validator 2024-11-21 7.5 High
validator.js is vulnerable to Inefficient Regular Expression Complexity
CVE-2021-3764 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2024-11-21 5.5 Medium
A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.
CVE-2021-3763 1 Redhat 1 Amq Broker 2024-11-21 4.3 Medium
A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no affect to integrity.
CVE-2021-3762 1 Redhat 2 Clair, Quay 2024-11-21 9.8 Critical
A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution.
CVE-2021-3761 2 Cloudflare, Debian 2 Octorpki, Debian Linux 2024-11-21 7.5 High
Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network (for example AS 13335 - Cloudflare) prior to launching a BGP hijack which during normal operations would be rejected as "RPKI invalid". Additionally, in certain deployments RTR session flapping in and of itself also could cause BGP routing churn, causing availability issues.
CVE-2021-3760 4 Debian, Fedoraproject, Linux and 1 more 19 Debian Linux, Fedora, Linux Kernel and 16 more 2024-11-21 7.8 High
A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.