Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2021-07-01 CVE-2021-36087 Out-of-bounds Read vulnerability in multiple products
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow).
local
low complexity
selinux-project fedoraproject CWE-125
3.3
2021-06-29 CVE-2021-29480 Use of Insufficiently Random Values vulnerability in Ratpack Project Ratpack
Ratpack is a toolkit for creating web applications.
network
high complexity
ratpack-project CWE-330
3.1
2021-06-29 CVE-2021-31506 Out-of-bounds Read vulnerability in Opentext Brava! Desktop 16.6.3.84/16.6.4.55
This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop Build 16.6.4.55.
local
low complexity
opentext CWE-125
3.3
2021-06-28 CVE-2021-28587 Unspecified vulnerability in Adobe After Effects
After Effects versions 18.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
local
low complexity
adobe
3.3
2021-06-25 CVE-2021-27040 Out-of-bounds Read vulnerability in multiple products
A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file.
3.3
2021-06-24 CVE-2021-24000 Race Condition vulnerability in Mozilla Firefox
A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab.
network
high complexity
mozilla CWE-362
3.1
2021-06-24 CVE-2021-29948 Race Condition vulnerability in Mozilla Thunderbird
Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file.
local
high complexity
mozilla CWE-362
2.5
2021-06-24 CVE-2021-33604 Unspecified vulnerability in Vaadin
URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows local user to execute arbitrary JavaScript code by opening crafted URL in browser.
local
high complexity
vaadin
2.5
2021-06-24 CVE-2021-32823 In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability.
network
high complexity
bindata-project gitlab
3.7
2021-06-22 CVE-2021-34396 Unspecified vulnerability in Nvidia Jetson Linux
Bootloader contains a vulnerability in access permission settings where unauthorized software may be able to overwrite NVIDIA MB2 code, which would result in limited denial of service.
local
low complexity
nvidia
2.3