Search Results (364967 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-3749 4 Axios, Oracle, Redhat and 1 more 9 Axios, Goldengate, Acm and 6 more 2024-11-21 7.5 High
axios is vulnerable to Inefficient Regular Expression Complexity
CVE-2021-3748 5 Canonical, Debian, Fedoraproject and 2 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2024-11-21 7.5 High
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.
CVE-2021-3747 2 Apple, Canonical 2 Macos, Multipass 2024-11-21 8.8 High
The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner.
CVE-2021-3746 3 Fedoraproject, Libtpms Project, Redhat 3 Fedora, Libtpms, Enterprise Linux 2024-11-21 6.5 Medium
A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6.
CVE-2021-3745 1 Flatcore 1 Flatcore-cms 2024-11-21 6.6 Medium
flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type
CVE-2021-3744 5 Debian, Fedoraproject, Linux and 2 more 24 Debian Linux, Fedora, Linux Kernel and 21 more 2024-11-21 5.5 Medium
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.
CVE-2021-3743 5 Fedoraproject, Linux, Netapp and 2 more 22 Fedora, Linux Kernel, H300e and 19 more 2024-11-21 7.1 High
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
CVE-2021-3739 3 Fedoraproject, Linux, Netapp 18 Fedora, Linux Kernel, H300e and 15 more 2024-11-21 7.1 High
A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability.
CVE-2021-3738 1 Samba 1 Samba 2024-11-21 8.8 High
In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only pointed at, and when one connection within that association group ended, the database would be left pointing at an invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use-after-free could instead allow different user state to be pointed at and this might allow more privileged access.
CVE-2021-3736 1 Linux 1 Linux Kernel 2024-11-21 5.5 Medium
A flaw was found in the Linux kernel. A memory leak problem was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in Virtual Function I/O (VFIO) Mediated devices. This flaw could allow a local attacker to leak internal kernel information.
CVE-2021-3734 1 Yourls 1 Yourls 2024-11-21 8.8 High
yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames
CVE-2021-3732 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2024-11-21 5.5 Medium
A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible.
CVE-2021-3731 2 Debian, Ledgersmb 2 Debian Linux, Ledgersmb 2024-11-21 5.9 Medium
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions.
CVE-2021-3730 1 Firefly-iii 1 Firefly Iii 2024-11-21 6.5 Medium
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3729 1 Firefly-iii 1 Firefly Iii 2024-11-21 4.3 Medium
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3728 1 Firefly-iii 1 Firefly Iii 2024-11-21 6.5 Medium
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3727 1 Planetargon 1 Oh My Zsh 2024-11-21 7.5 High
# Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and `hitokoto` fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use `print -P` to print them. If these quotes contained the proper symbols, they could trigger command injection. Given that they're an external API, it's not possible to know if the quotes are safe to use. **Fixed in**: [72928432](https://github.com/ohmyzsh/ohmyzsh/commit/72928432). **Impacted areas**: - `rand-quote` plugin (`quote` function). - `hitokoto` plugin (`hitokoto` function).
CVE-2021-3726 1 Planetargon 1 Oh My Zsh 2024-11-21 7.5 High
# Vulnerability in `title` function **Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the `title` function in a way that is unsafe. **Fixed in**: [a263cdac](https://github.com/ohmyzsh/ohmyzsh/commit/a263cdac). **Impacted areas**: - `title` function in `lib/termsupport.zsh`. - Custom user code using the `title` function.
CVE-2021-3725 1 Planetargon 1 Oh My Zsh 2024-11-21 7.5 High
Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a carefully-crafted name, then press Alt-Left, the system is subject to command injection. Impacted areas: - Functions pop_past and pop_future in dirhistory plugin.
CVE-2021-3723 1 Ibm 4 System X3550 M3, System X3550 M3 Firmware, System X3650 M3 and 1 more 2024-11-21 7.2 High
A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating system commands over an authenticated SSH or Telnet session.