Export limit exceeded: 14200 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 44052 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10125 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10125 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3647 | 1 Uri.js Project | 1 Uri.js | 2024-11-21 | 6.1 Medium |
| URI.js is vulnerable to URL Redirection to Untrusted Site | ||||
| CVE-2021-3639 | 2 Redhat, Uninett | 2 Enterprise Linux, Mod Auth Mellon | 2024-11-21 | 6.1 Medium |
| A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity. | ||||
| CVE-2021-3614 | 1 Lenovo | 42 100e 2nd Gen, 100e 2nd Gen Firmware, 300e 2nd Gen and 39 more | 2024-11-21 | 6.4 Medium |
| A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage. | ||||
| CVE-2021-3565 | 3 Fedoraproject, Redhat, Tpm2-tools Project | 3 Fedora, Enterprise Linux, Tpm2-tools | 2024-11-21 | 5.9 Medium |
| A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality. | ||||
| CVE-2021-3531 | 2 Fedoraproject, Redhat | 3 Fedora, Ceph, Ceph Storage | 2024-11-21 | 5.3 Medium |
| A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability. | ||||
| CVE-2021-3530 | 2 Gnu, Netapp | 2 Binutils, Ontap Select Deploy Administration Utility | 2024-11-21 | 7.5 High |
| A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash. | ||||
| CVE-2021-3502 | 2 Avahi, Redhat | 2 Avahi, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability. | ||||
| CVE-2021-3461 | 1 Redhat | 3 Keycloak, Red Hat Single Sign On, Single Sign-on | 2024-11-21 | 7.1 High |
| A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name]. | ||||
| CVE-2021-3454 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 4.3 Medium |
| Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3 | ||||
| CVE-2021-3444 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 7.8 High |
| The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101. | ||||
| CVE-2021-3436 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 4.3 Medium |
| BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63 | ||||
| CVE-2021-3431 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 4.3 Medium |
| Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9 | ||||
| CVE-2021-3430 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 6.5 Medium |
| Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr | ||||
| CVE-2021-3380 | 1 Height8tech | 1 H8 Ssrms | 2024-11-21 | 6.5 Medium |
| Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality. | ||||
| CVE-2021-3321 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7.5 High |
| Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99 | ||||
| CVE-2021-3312 | 1 Alkacon | 1 Opencms | 2024-11-21 | 6.5 Medium |
| An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document. | ||||
| CVE-2021-3311 | 1 Octobercms | 1 October | 2024-11-21 | 9.8 Critical |
| An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an attacker. | ||||
| CVE-2021-3189 | 1 Google | 1 Slashify | 2024-11-21 | 6.1 Medium |
| The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring. | ||||
| CVE-2021-3183 | 1 Files | 1 Fat Client | 2024-11-21 | 7.5 High |
| Files.com Fat Client 3.3.6 allows authentication bypass because the client continues to have access after a logout and a removal of a login profile. | ||||
| CVE-2021-3144 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2024-11-21 | 9.1 Critical |
| In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.) | ||||