Search Results (364840 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-3693 2 Debian, Ledgersmb 2 Debian Linux, Ledgersmb 2024-11-21 8.8 High
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
CVE-2021-3692 1 Yiiframework 1 Yii 2024-11-21 5.3 Medium
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
CVE-2021-3690 1 Redhat 14 Camel Quarkus, Enterprise Linux, Fuse and 11 more 2024-11-21 7.5 High
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.
CVE-2021-3689 1 Yiiframework 1 Yii 2024-11-21 7.5 High
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
CVE-2021-3688 1 Redhat 2 Jboss Core Services, Jboss Core Services Httpd 2024-11-21 4.8 Medium
A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
CVE-2021-3683 1 Showdoc 1 Showdoc 2024-11-21 6.5 Medium
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3682 3 Debian, Qemu, Redhat 4 Debian Linux, Qemu, Advanced Virtualization and 1 more 2024-11-21 8.5 High
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.
CVE-2021-3681 1 Redhat 2 Ansible Automation Platform, Ansible Galaxy 2024-11-21 5.5 Medium
A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the ``build_ignore`` list in "galaxy.yml" include files in the ``.tar.gz`` file. This contains sensitive info, such as the user's Ansible Galaxy API key and any secrets in ``ansible`` or ``ansible-playbook`` verbose output without the``no_log`` redaction. Currently, there is no way to deprecate a Collection Or delete a Collection Version. Once published, anyone who downloads or installs the collection can view the secrets.
CVE-2021-3680 1 Showdoc 1 Showdoc 2024-11-21 4.9 Medium
showdoc is vulnerable to Missing Cryptographic Step
CVE-2021-3679 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2024-11-21 5.5 Medium
A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.
CVE-2021-3678 1 Showdoc 1 Showdoc 2024-11-21 5.9 Medium
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2021-3677 3 Fedoraproject, Postgresql, Redhat 9 Fedora, Postgresql, Enterprise Linux and 6 more 2024-11-21 6.5 Medium
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting.
CVE-2021-3675 1 Synaptics 1 Fingerprint Driver 2024-11-21 5.5 Medium
Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.1.xxx.26 versions prior to xxx=340 on x86/64; 5.2.xxxx.26 versions prior to xxxx=3541 on x86/64; 5.2.2xx.26 versions prior to xx=29 on x86/64; 5.2.3xx.26 versions prior to xx=25 on x86/64; 5.3.xxxx.26 versions prior to xxxx=3543 on x86/64; 5.5.xx.1058 versions prior to xx=44 on x86/64; 5.5.xx.1102 versions prior to xx=34 on x86/64; 5.5.xx.1116 versions prior to xx=14 on x86/64; 6.0.xx.1104 versions prior to xx=50 on x86/64; 6.0.xx.1108 versions prior to xx=31 on x86/64; 6.0.xx.1111 versions prior to xx=58 on x86/64.
CVE-2021-3673 2 Fedoraproject, Radare 2 Fedora, Radare2 2024-11-21 7.5 High
A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS.
CVE-2021-3672 6 C-ares Project, Fedoraproject, Nodejs and 3 more 19 C-ares, Fedora, Node.js and 16 more 2024-11-21 5.6 Medium
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
CVE-2021-3671 3 Debian, Netapp, Samba 5 Debian Linux, Management Services For Element Software, Management Services For Netapp Hci and 2 more 2024-11-21 6.5 Medium
A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.
CVE-2021-3666 1 Xml Body Parser Project 1 Xml Body Parser 2024-11-21 9.8 Critical
body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-3664 1 Url-parse Project 1 Url-parse 2024-11-21 5.3 Medium
url-parse is vulnerable to URL Redirection to Untrusted Site
CVE-2021-3663 1 Firefly-iii 1 Firefly Iii 2024-11-21 7.5 High
firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts
CVE-2021-3662 1 Hp 2 Futuresmart 4, Futuresmart 5 2024-11-21 5.4 Medium
Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to stored cross site scripting (XSS).