Search Results (366468 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-3947 1 Qemu 1 Qemu 2024-11-21 5.5 Medium
A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information.
CVE-2021-3945 1 Django-helpdesk Project 1 Django-helpdesk 2024-11-21 6.1 Medium
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3944 1 Bookstackapp 1 Bookstack 2024-11-21 6.8 Medium
bookstack is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3943 1 Moodle 1 Moodle 2024-11-21 9.8 Critical
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified.
CVE-2021-3941 4 Debian, Fedoraproject, Openexr and 1 more 4 Debian Linux, Fedora, Openexr and 1 more 2024-11-21 6.5 Medium
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.
CVE-2021-3939 1 Canonical 2 Accountsservice, Ubuntu Linux 2024-11-21 7.8 High
Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1.
CVE-2021-3938 1 Snipeitapp 1 Snipe-it 2024-11-21 5.4 Medium
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3934 1 Planetargon 1 Oh My Zsh 2024-11-21 7.5 High
ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command
CVE-2021-3933 3 Debian, Fedoraproject, Openexr 3 Debian Linux, Fedora, Openexr 2024-11-21 5.5 Medium
An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.
CVE-2021-3932 1 Area17 1 Twill 2024-11-21 4.3 Medium
twill is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3931 1 Snipeitapp 1 Snipe-it 2024-11-21 4.3 Medium
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3930 3 Debian, Qemu, Redhat 11 Debian Linux, Qemu, Advanced Virtualization and 8 more 2024-11-21 6.5 Medium
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition.
CVE-2021-3928 3 Debian, Fedoraproject, Vim 3 Debian Linux, Fedora, Vim 2024-11-21 7.8 High
vim is vulnerable to Use of Uninitialized Variable
CVE-2021-3927 3 Debian, Fedoraproject, Vim 3 Debian Linux, Fedora, Vim 2024-11-21 7.8 High
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3924 1 Getgrav 1 Grav 2024-11-21 7.5 High
grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-3922 1 Lenovo 1 System Interface Foundation 2024-11-21 7.8 High
A race condition vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to connect and interact with the IMController child process' named pipe.
CVE-2021-3921 1 Firefly-iii 1 Firefly Iii 2024-11-21 4.3 Medium
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3920 1 Getgrav 1 Grav-plugin-admin 2024-11-21 5.4 Medium
grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3917 1 Redhat 2 Coreos-installer, Openshift 2024-11-21 5.5 Medium
A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality.
CVE-2021-3916 1 Bookstackapp 1 Bookstack 2024-11-21 6.5 Medium
bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')