Search Results (364232 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-4217 3 Fedoraproject, Redhat, Unzip Project 3 Fedora, Enterprise Linux, Unzip 2024-11-21 3.3 Low
A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
CVE-2021-4216 1 Artifex 1 Mupdf 2024-11-21 5.5 Medium
A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream.
CVE-2021-4214 3 Debian, Libpng, Netapp 3 Debian Linux, Libpng, Ontap Select Deploy Administration Utility 2024-11-21 5.5 Medium
A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.
CVE-2021-4213 3 Debian, Dogtagpki, Redhat 4 Debian Linux, Network Security Services For Java, Certificate System and 1 more 2024-11-21 7.5 High
A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service.
CVE-2021-4212 1 Lenovo 124 C340-14iml, C340-14iml Firmware, C340-15iml and 121 more 2024-11-21 6.7 Medium
A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2021-4211 1 Lenovo 106 A340-22icb, A340-22icb Firmware, A340-22ick and 103 more 2024-11-21 6.7 Medium
A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2021-4210 1 Lenovo 64 A540-24icb, A540-24icb Firmware, A540-27icb and 61 more 2024-11-21 6.7 Medium
A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2021-4209 3 Gnu, Netapp, Redhat 6 Gnutls, Active Iq Unified Manager, Hci Bootstrap Os and 3 more 2024-11-21 6.5 Medium
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.
CVE-2021-4208 1 Exportfeed 1 Exportfeed 2024-11-21 7.2 High
The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and escape the product_id POST parameter before using it in a SQL statement, leading to a SQL injection vulnerability exploitable by high privilege users
CVE-2021-4204 4 Debian, Linux, Netapp and 1 more 15 Debian Linux, Linux Kernel, H300s and 12 more 2024-11-21 7.1 High
An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information.
CVE-2021-4203 4 Linux, Netapp, Oracle and 1 more 25 Linux Kernel, A700s, A700s Firmware and 22 more 2024-11-21 6.8 Medium
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.
CVE-2021-4202 1 Linux 1 Linux Kernel 2024-11-21 7.0 High
A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem.
CVE-2021-4200 1 Suse 1 Rancher 2024-11-21 5.4 Medium
A Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4.
CVE-2021-4199 1 Bitdefender 4 Antivirus Plus, Endpoint Security Tools, Internet Security and 1 more 2024-11-21 7.8 High
Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.3.146.
CVE-2021-4198 1 Bitdefender 5 Antivirus Plus, Endpoint Security Tools, Internet Security and 2 more 2024-11-21 6.1 Medium
A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. Bitdefender VPN Standalone versions prior to 25.5.0.48.
CVE-2021-4197 6 Broadcom, Debian, Linux and 3 more 16 Brocade Fabric Operating System Firmware, Debian Linux, Linux Kernel and 13 more 2024-11-21 7.8 High
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.
CVE-2021-4194 1 Bookstackapp 1 Bookstack 2024-11-21 6.5 Medium
bookstack is vulnerable to Improper Access Control
CVE-2021-4193 5 Apple, Debian, Fedoraproject and 2 more 6 Mac Os X, Macos, Debian Linux and 3 more 2024-11-21 5.5 Medium
vim is vulnerable to Out-of-bounds Read
CVE-2021-4192 5 Apple, Debian, Fedoraproject and 2 more 6 Mac Os X, Macos, Debian Linux and 3 more 2024-11-21 7.8 High
vim is vulnerable to Use After Free
CVE-2021-4191 1 Gitlab 1 Gitlab 2024-11-21 5.3 Medium
An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API.