Search Results (364428 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-4121 1 Yetiforce 1 Yetiforce Customer Relationship Management 2024-11-21 6.1 Medium
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4120 2 Canonical, Fedoraproject 3 Snapd, Ubuntu Linux, Fedora 2024-11-21 8.2 High
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
CVE-2021-4119 1 Bookstackapp 1 Bookstack 2024-11-21 9.8 Critical
bookstack is vulnerable to Improper Access Control
CVE-2021-4118 1 Lightningai 1 Pytorch Lightning 2024-11-21 7.8 High
pytorch-lightning is vulnerable to Deserialization of Untrusted Data
CVE-2021-4117 1 Yetiforce 1 Yetiforce Customer Relationship Management 2024-11-21 4.3 Medium
yetiforcecrm is vulnerable to Business Logic Errors
CVE-2021-4116 1 Yetiforce 1 Yetiforce Customer Relationship Management 2024-11-21 5.4 Medium
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4115 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2024-11-21 5.5 Medium
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned
CVE-2021-4112 1 Redhat 5 Ansible Automation Platform, Ansible Automation Platform Early Access, Ansible Automation Platform Text-only Advisories and 2 more 2024-11-21 8.8 High
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment.
CVE-2021-4111 1 Yetiforce 1 Yetiforce Customer Relationship Management 2024-11-21 4.3 Medium
yetiforcecrm is vulnerable to Business Logic Errors
CVE-2021-4110 1 Mruby 1 Mruby 2024-11-21 7.5 High
mruby is vulnerable to NULL Pointer Dereference
CVE-2021-4108 1 Snipeitapp 1 Snipe-it 2024-11-21 6.1 Medium
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4107 1 Yetiforce 1 Yetiforce Customer Relationship Management 2024-11-21 6.1 Medium
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4106 1 Snowsoftware 1 Snow Inventory Java Scanner 2024-11-21 7.8 High
A vulnerability in Snow Inventory Java Scanner allows an attacker to run malicious code at a higher level of privileges. This issue affects: SNOW Snow Inventory Java Scanner 1.0
CVE-2021-4103 1 B3log 1 Vditor 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34.
CVE-2021-4101 1 Google 1 Chrome 2024-11-21 8.8 High
Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-4100 1 Google 1 Chrome 2024-11-21 8.8 High
Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-4099 1 Google 1 Chrome 2024-11-21 8.8 High
Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-4098 1 Google 1 Chrome 2024-11-21 7.4 High
Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-4097 1 Phpservermonitor 1 Php Server Monitor 2024-11-21 5.4 Medium
phpservermon is vulnerable to Improper Neutralization of CRLF Sequences
CVE-2021-4095 2 Fedoraproject, Linux 2 Fedora, Linux Kernel 2024-11-21 5.5 Medium
A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1.