The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2021-3744 | A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808. | LOW | Sep 15, 2021 | n/a |
| CVE-2021-3743 | An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. | LOW | Aug 31, 2021 | n/a |
| CVE-2021-3739 | A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability. | LOW | Aug 27, 2021 | n/a |
| CVE-2021-3738 | In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called \'association groups\'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only pointed at, and when one connection within that association group ended, the database would be left pointing at an invalid \'struct session_info\'. The most likely outcome here is a crash, but it is possible that the use-after-free could instead allow different user state to be pointed at and this might allow more privileged access. | MEDIUM | Nov 11, 2021 | n/a |
| CVE-2021-3737 | A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. | HIGH | Feb 14, 2022 | VxWorks 23.09 (VxWorks 7) |
| CVE-2021-3736 | A flaw was found in the Linux kernel. A memory leak problem was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in Virtual Function I/O (VFIO) Mediated devices. This flaw could allow a local attacker to leak internal kernel information. | -- | Aug 25, 2022 | n/a |
| CVE-2021-3735 | A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. | -- | Aug 27, 2021 | n/a |
| CVE-2021-3734 | yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames | MEDIUM | Aug 26, 2021 | n/a |
| CVE-2021-3733 | There\'s a flaw in urllib\'s AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. | MEDIUM | Aug 24, 2021 | n/a |
| CVE-2021-3732 | A flaw was found in the Linux kernel\'s OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible. | LOW | Aug 25, 2021 | n/a |
| CVE-2021-3731 | LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to \'clickjacking\'. This allows an attacker to trick a targetted user to execute unintended actions. | MEDIUM | Aug 27, 2021 | n/a |
| CVE-2021-3730 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | MEDIUM | Aug 26, 2021 | n/a |
| CVE-2021-3729 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | MEDIUM | Aug 26, 2021 | n/a |
| CVE-2021-3728 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | MEDIUM | Aug 26, 2021 | n/a |
| CVE-2021-3727 | # Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and `hitokoto` fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use `print -P` to print them. If these quotes contained the proper symbols, they could trigger command injection. Given that they\'re an external API, it\'s not possible to know if the quotes are safe to use. **Fixed in**: [72928432](https://github.com/ohmyzsh/ohmyzsh/commit/72928432). **Impacted areas**: - `rand-quote` plugin (`quote` function). - `hitokoto` plugin (`hitokoto` function). | HIGH | Dec 1, 2021 | n/a |
| CVE-2021-3726 | # Vulnerability in `title` function **Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the `title` function in a way that is unsafe. **Fixed in**: [a263cdac](https://github.com/ohmyzsh/ohmyzsh/commit/a263cdac). **Impacted areas**: - `title` function in `lib/termsupport.zsh`. - Custom user code using the `title` function. | HIGH | Nov 30, 2021 | n/a |
| CVE-2021-3725 | Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a carefully-crafted name, then press Alt-Left, the system is subject to command injection. Impacted areas: - Functions pop_past and pop_future in dirhistory plugin. | MEDIUM | Nov 30, 2021 | n/a |
| CVE-2021-3724 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | -- | Nov 7, 2023 | n/a |
| CVE-2021-3723 | A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating system commands over an authenticated SSH or Telnet session. | HIGH | Nov 12, 2021 | n/a |
| CVE-2021-3722 | A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation. | MEDIUM | Apr 25, 2022 | n/a |
| CVE-2021-3721 | A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error. | MEDIUM | Apr 25, 2022 | n/a |
| CVE-2021-3720 | An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data. | LOW | Nov 12, 2021 | n/a |
| CVE-2021-3719 | A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code. | HIGH | Nov 12, 2021 | n/a |
| CVE-2021-3718 | A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS. | MEDIUM | Nov 12, 2021 | n/a |
| CVE-2021-3717 | A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0. | MEDIUM | May 24, 2022 | n/a |
| CVE-2021-3716 | A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability. | LOW | Mar 3, 2022 | n/a |
| CVE-2021-3715 | A flaw was found in the Routing decision classifier in the Linux kernel\'s Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | HIGH | Sep 8, 2021 | n/a |
| CVE-2021-3714 | A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged. | -- | Apr 4, 2022 | n/a |
| CVE-2021-3713 | An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host. | MEDIUM | Aug 21, 2021 | n/a |
| CVE-2021-3712 | ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL\'s own d2i functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the data and length fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the data field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y). | MEDIUM | Aug 27, 2021 | 21.11 (VxWorks 7) |
| CVE-2021-3711 | In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the out parameter can be NULL and, on exit, the outlen parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the out parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). | HIGH | Aug 27, 2021 | 21.11 (VxWorks 7) |
| CVE-2021-3710 | An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3; | MEDIUM | Oct 8, 2021 | n/a |
| CVE-2021-3709 | Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3; | LOW | Oct 8, 2021 | n/a |
| CVE-2021-3708 | D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3707, to execute any OS commands on the vulnerable device. | HIGH | Aug 16, 2021 | n/a |
| CVE-2021-3707 | D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device. | LOW | Aug 16, 2021 | n/a |
| CVE-2021-3706 | adminlte is vulnerable to Sensitive Cookie Without \'HttpOnly\' Flag | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-3705 | Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow an unauthorized user to reconfigure, reset the device. | HIGH | Nov 3, 2021 | n/a |
| CVE-2021-3704 | Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow a Denial of Service on the device. | HIGH | Nov 4, 2021 | n/a |
| CVE-2021-3703 | It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless 1.16.0 and Serverless client kn 1.16.0. These have been fixed with Serverless 1.17.0. | -- | Aug 26, 2022 | n/a |
| CVE-2021-3702 | A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner\'s private_data_dir the next time ansible-runner made use of the private_data_dir. The highest Threat out of this flaw is to integrity and confidentiality. | -- | Aug 23, 2022 | n/a |
| CVE-2021-3701 | A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate user in a place they did not expect. The highest threat from this vulnerability is to confidentiality and integrity. | -- | Aug 26, 2022 | n/a |
| CVE-2021-3700 | A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination. | MEDIUM | Feb 25, 2022 | n/a |
| CVE-2021-3698 | A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality. | MEDIUM | Nov 1, 2021 | n/a |
| CVE-2021-3697 | A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. | MEDIUM | Jun 9, 2022 | n/a |
| CVE-2021-3696 | A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it\'s very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. | MEDIUM | Jun 9, 2022 | n/a |
| CVE-2021-3695 | A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12. | MEDIUM | Jun 9, 2022 | n/a |
| CVE-2021-3694 | LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | MEDIUM | Aug 27, 2021 | n/a |
| CVE-2021-3693 | LedgerSMB does not check the origin of HTML fragments merged into the browser\'s DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | MEDIUM | Aug 27, 2021 | n/a |
| CVE-2021-3692 | yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator | MEDIUM | Aug 10, 2021 | n/a |
| CVE-2021-3691 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | -- | Nov 7, 2023 | n/a |
