Search Results (366627 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-4095 2 Fedoraproject, Linux 2 Fedora, Linux Kernel 2024-11-21 5.5 Medium
A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1.
CVE-2021-4093 4 Canonical, Fedoraproject, Linux and 1 more 4 Ubuntu Linux, Fedora, Linux Kernel and 1 more 2024-11-21 8.8 High
A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the entire system or a potential guest-to-host escape scenario.
CVE-2021-4092 1 Yetiforce 1 Yetiforce Customer Relationship Management 2024-11-21 4.3 Medium
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-4089 1 Snipeitapp 1 Snipe-it 2024-11-21 4.3 Medium
snipe-it is vulnerable to Improper Access Control
CVE-2021-4088 1 Mcafee 1 Data Loss Prevention 2024-11-21 8.4 High
SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation.
CVE-2021-4084 1 Pimcore 1 Pimcore 2024-11-21 6.1 Medium
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4083 5 Debian, Linux, Netapp and 2 more 30 Debian Linux, Linux Kernel, H300e and 27 more 2024-11-21 7.0 High
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4.
CVE-2021-4082 1 Pimcore 1 Pimcore 2024-11-21 4.3 Medium
pimcore is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-4081 1 Pimcore 1 Pimcore 2024-11-21 6.1 Medium
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4080 1 Craterapp 1 Crater 2024-11-21 8.8 High
crater is vulnerable to Unrestricted Upload of File with Dangerous Type
CVE-2021-4079 2 Debian, Google 2 Debian Linux, Chrome 2024-11-21 8.8 High
Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets.
CVE-2021-4078 2 Debian, Google 2 Debian Linux, Chrome 2024-11-21 8.8 High
Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-4076 1 Tang Project 1 Tang 2024-11-21 7.5 High
A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys.
CVE-2021-4075 1 Snipeitapp 1 Snipe-it 2024-11-21 7.2 High
snipe-it is vulnerable to Server-Side Request Forgery (SSRF)
CVE-2021-4072 1 Elgg 1 Elgg 2024-11-21 5.4 Medium
elgg is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4070 1 V2fly 1 V2ray-core 2024-11-21 9.1 Critical
Off-by-one Error in GitHub repository v2fly/v2ray-core prior to 4.44.0.
CVE-2021-4069 3 Debian, Fedoraproject, Vim 3 Debian Linux, Fedora, Vim 2024-11-21 7.8 High
vim is vulnerable to Use After Free
CVE-2021-4068 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 6.5 Medium
Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2021-4067 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 8.8 High
Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-4066 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 8.8 High
Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.