Search Results (366404 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-3941 4 Debian, Fedoraproject, Openexr and 1 more 4 Debian Linux, Fedora, Openexr and 1 more 2024-11-21 6.5 Medium
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.
CVE-2021-3939 1 Canonical 2 Accountsservice, Ubuntu Linux 2024-11-21 7.8 High
Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1.
CVE-2021-3938 1 Snipeitapp 1 Snipe-it 2024-11-21 5.4 Medium
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3934 1 Planetargon 1 Oh My Zsh 2024-11-21 7.5 High
ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command
CVE-2021-3933 3 Debian, Fedoraproject, Openexr 3 Debian Linux, Fedora, Openexr 2024-11-21 5.5 Medium
An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.
CVE-2021-3932 1 Area17 1 Twill 2024-11-21 4.3 Medium
twill is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3931 1 Snipeitapp 1 Snipe-it 2024-11-21 4.3 Medium
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3930 3 Debian, Qemu, Redhat 11 Debian Linux, Qemu, Advanced Virtualization and 8 more 2024-11-21 6.5 Medium
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition.
CVE-2021-3928 3 Debian, Fedoraproject, Vim 3 Debian Linux, Fedora, Vim 2024-11-21 7.8 High
vim is vulnerable to Use of Uninitialized Variable
CVE-2021-3927 3 Debian, Fedoraproject, Vim 3 Debian Linux, Fedora, Vim 2024-11-21 7.8 High
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3924 1 Getgrav 1 Grav 2024-11-21 7.5 High
grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-3922 1 Lenovo 1 System Interface Foundation 2024-11-21 7.8 High
A race condition vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to connect and interact with the IMController child process' named pipe.
CVE-2021-3921 1 Firefly-iii 1 Firefly Iii 2024-11-21 4.3 Medium
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3920 1 Getgrav 1 Grav-plugin-admin 2024-11-21 5.4 Medium
grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3917 1 Redhat 2 Coreos-installer, Openshift 2024-11-21 5.5 Medium
A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality.
CVE-2021-3916 1 Bookstackapp 1 Bookstack 2024-11-21 6.5 Medium
bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-3915 1 Bookstackapp 1 Bookstack 2024-11-21 5.7 Medium
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
CVE-2021-3914 1 Redhat 4 Build Of Quarkus, Openshift Application Runtimes, Quarkus and 1 more 2024-11-21 6.1 Medium
It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks.
CVE-2021-3912 2 Cloudflare, Debian 2 Octorpki, Debian Linux 2024-11-21 4.2 Medium
OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash).
CVE-2021-3911 2 Cloudflare, Debian 2 Octorpki, Debian Linux 2024-11-21 4.2 Medium
If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash.