Total
12859 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-4211 | 1 Lenovo | 106 A340-22icb, A340-22icb Firmware, A340-22ick and 103 more | 2024-11-21 | 6.7 Medium |
| A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
| CVE-2021-4210 | 1 Lenovo | 64 A540-24icb, A540-24icb Firmware, A540-27icb and 61 more | 2024-11-21 | 6.7 Medium |
| A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
| CVE-2021-4204 | 4 Debian, Linux, Netapp and 1 more | 15 Debian Linux, Linux Kernel, H300s and 12 more | 2024-11-21 | 7.1 High |
| An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information. | ||||
| CVE-2021-4183 | 3 Fedoraproject, Oracle, Wireshark | 4 Fedora, Http Server, Zfs Storage Appliance Kit and 1 more | 2024-11-21 | 5.5 Medium |
| Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file | ||||
| CVE-2021-4138 | 1 Mozilla | 1 Geckodriver | 2024-11-21 | 5.3 Medium |
| Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname. | ||||
| CVE-2021-4125 | 1 Redhat | 1 Openshift | 2024-11-21 | 8.1 High |
| It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6. | ||||
| CVE-2021-4120 | 2 Canonical, Fedoraproject | 3 Snapd, Ubuntu Linux, Fedora | 2024-11-21 | 8.2 High |
| snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 | ||||
| CVE-2021-4117 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-11-21 | 4.3 Medium |
| yetiforcecrm is vulnerable to Business Logic Errors | ||||
| CVE-2021-4111 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-11-21 | 4.3 Medium |
| yetiforcecrm is vulnerable to Business Logic Errors | ||||
| CVE-2021-4104 | 4 Apache, Fedoraproject, Oracle and 1 more | 59 Log4j, Fedora, Advanced Supply Chain Planning and 56 more | 2024-11-21 | 7.5 High |
| JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | ||||
| CVE-2021-4059 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 6.5 Medium |
| Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2021-4047 | 1 Redhat | 1 Openshift | 2024-11-21 | 7.5 High |
| The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9. | ||||
| CVE-2021-4041 | 1 Redhat | 2 Ansible Automation Platform, Ansible Runner | 2024-11-21 | 7.8 High |
| A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual environment. | ||||
| CVE-2021-47154 | 2024-11-21 | 6.3 Medium | ||
| The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. | ||||
| CVE-2021-46771 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2024-11-21 | 7.8 High |
| Insufficient validation of addresses in AMD Secure Processor (ASP) firmware system call may potentially lead to arbitrary code execution by a compromised user application. | ||||
| CVE-2021-46754 | 1 Amd | 112 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 109 more | 2024-11-21 | 9.1 Critical |
| Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and integrity. | ||||
| CVE-2021-46666 | 2 Mariadb, Redhat | 4 Mariadb, Enterprise Linux, Rhel Eus and 1 more | 2024-11-21 | 5.5 Medium |
| MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. | ||||
| CVE-2021-46665 | 3 Fedoraproject, Mariadb, Redhat | 4 Fedora, Mariadb, Enterprise Linux and 1 more | 2024-11-21 | 5.5 Medium |
| MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. | ||||
| CVE-2021-46663 | 3 Fedoraproject, Mariadb, Redhat | 4 Fedora, Mariadb, Enterprise Linux and 1 more | 2024-11-21 | 5.5 Medium |
| MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. | ||||
| CVE-2021-46662 | 2 Mariadb, Redhat | 4 Mariadb, Enterprise Linux, Rhel Eus and 1 more | 2024-11-21 | 5.5 Medium |
| MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. | ||||