Search

Search Results (367163 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-3594 4 Debian, Fedoraproject, Libslirp Project and 1 more 4 Debian Linux, Fedora, Libslirp and 1 more 2024-11-21 3.8 Low
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
CVE-2021-3593 4 Debian, Fedoraproject, Libslirp Project and 1 more 4 Debian Linux, Fedora, Libslirp and 1 more 2024-11-21 3.8 Low
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
CVE-2021-3592 4 Debian, Fedoraproject, Libslirp Project and 1 more 4 Debian Linux, Fedora, Libslirp and 1 more 2024-11-21 3.8 Low
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
CVE-2021-3590 2 Redhat, Theforeman 2 Satellite, Foreman 2024-11-21 8.8 High
A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-3589 2 Redhat, Theforeman 2 Satellite, Foreman Ansible 2024-11-21 8.0 High
An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-3588 1 Bluez 1 Bluez 2024-11-21 3.3 Low
The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.
CVE-2021-3586 1 Redhat 3 Openshift Service Mesh, Service Mesh, Servicemesh-operator 2024-11-21 9.8 Critical
A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all ports on these resources from any pod. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-3585 1 Openstack 1 Tripleo Heat Templates 2024-11-21 5.5 Medium
A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager.
CVE-2021-3584 2 Redhat, Theforeman 4 Satellite, Satellite Capsule, Satellite Utils and 1 more 2024-11-21 7.2 High
A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0.
CVE-2021-3583 1 Redhat 3 Ansible Automation Platform, Ansible Engine, Ansible Tower 2024-11-21 7.1 High
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.
CVE-2021-3582 2 Debian, Qemu 2 Debian Linux, Qemu 2024-11-21 6.5 Medium
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_CMD_CREATE_MR" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability.
CVE-2021-3581 1 Zephyrproject 1 Zephyr 2024-11-21 7 High
Buffer Access with Incorrect Length Value in zephyr. Zephyr versions >= >=2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5
CVE-2021-3580 4 Debian, Netapp, Nettle Project and 1 more 4 Debian Linux, Ontap Select Deploy Administration Utility, Nettle and 1 more 2024-11-21 7.5 High
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.
CVE-2021-3579 1 Bitdefender 2 Endpoint Security Tools, Total Security 2024-11-21 7.8 High
Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 7.2.1.65.
CVE-2021-3578 3 Debian, Fedoraproject, Isync Project 3 Debian Linux, Fedora, Isync 2024-11-21 7.8 High
A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.
CVE-2021-3577 1 Binatoneglobal 42 Cn28, Cn28 Firmware, Cn40 and 39 more 2024-11-21 8.8 High
An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device.
CVE-2021-3576 1 Bitdefender 2 Endpoint Security Tools, Total Security 2024-11-21 7.8 High
Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client's security context. This issue affects: Bitdefender Endpoint Security Tools versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 25.0.26.
CVE-2021-3574 2 Fedoraproject, Imagemagick 2 Fedora, Imagemagick 2024-11-21 3.3 Low
A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.
CVE-2021-3573 3 Fedoraproject, Linux, Redhat 4 Fedora, Linux Kernel, Enterprise Linux and 1 more 2024-11-21 6.4 Medium
A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.
CVE-2021-3572 3 Oracle, Pypa, Redhat 6 Agile Plm, Communications Cloud Native Core Network Function Cloud Native Environment, Communications Cloud Native Core Policy and 3 more 2024-11-21 5.7 Medium
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.