Export limit exceeded: 347679 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 79433 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79433 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3907 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2024-11-21 | 7.4 High |
| OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on. | ||||
| CVE-2021-3905 | 4 Canonical, Fedoraproject, Openvswitch and 1 more | 5 Ubuntu Linux, Fedora, Openvswitch and 2 more | 2024-11-21 | 7.5 High |
| A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments. | ||||
| CVE-2021-3903 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 7.8 High |
| vim is vulnerable to Heap-based Buffer Overflow | ||||
| CVE-2021-3901 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | 8.8 High |
| firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-3889 | 1 Libmobi Project | 1 Libmobi | 2024-11-21 | 8.1 High |
| libmobi is vulnerable to Use of Out-of-range Pointer Offset | ||||
| CVE-2021-3888 | 1 Libmobi Project | 1 Libmobi | 2024-11-21 | 8.1 High |
| libmobi is vulnerable to Use of Out-of-range Pointer Offset | ||||
| CVE-2021-3869 | 1 Stanford | 1 Corenlp | 2024-11-21 | 7.5 High |
| corenlp is vulnerable to Improper Restriction of XML External Entity Reference | ||||
| CVE-2021-3864 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 7.0 High |
| A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges. | ||||
| CVE-2021-3861 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8.2 High |
| The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj | ||||
| CVE-2021-3860 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 8.8 High |
| JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query. | ||||
| CVE-2021-3859 | 2 Netapp, Redhat | 11 Cloud Secure Agent, Oncommand Insight, Oncommand Workflow Automation and 8 more | 2024-11-21 | 7.5 High |
| A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks. | ||||
| CVE-2021-3858 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 8.8 High |
| snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-3852 | 1 Weseek | 1 Growi | 2024-11-21 | 7.5 High |
| growi is vulnerable to Authorization Bypass Through User-Controlled Key | ||||
| CVE-2021-3847 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-11-21 | 7.8 High |
| An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system. | ||||
| CVE-2021-3846 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | 8.8 High |
| firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type | ||||
| CVE-2021-3845 | 1 Ws Scrcpy Project | 1 Ws Scrcpy | 2024-11-21 | 7.5 High |
| ws-scrcpy is vulnerable to External Control of File Name or Path | ||||
| CVE-2021-3842 | 3 Debian, Fedoraproject, Nltk | 3 Debian Linux, Fedora, Nltk | 2024-11-21 | 7.5 High |
| nltk is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3840 | 1 Lenovo | 1 Antilles | 2024-11-21 | 8.8 High |
| A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index (PyPi). MITRE classifies this weakness as an Uncontrolled Search Path Element (CWE-427) in which a private package dependency may be replaced by an unauthorized package of the same name published to a well-known public repository such as PyPi. The configuration has been updated to only install components built by Antilles, removing all other public package indexes. Additionally, the antilles-tools dependency has been published to PyPi. | ||||
| CVE-2021-3839 | 3 Dpdk, Fedoraproject, Redhat | 4 Data Plane Development Kit, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability. | ||||
| CVE-2021-3835 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8.2 High |
| Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf | ||||