IDCVSSSummaryLast (major) updatePublished
CVE-2021-2464 None
Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle
25-09-2021 - 09:15 24-09-2021 - 19:15
CVE-2021-34798 None
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
25-09-2021 - 01:15 16-09-2021 - 15:15
CVE-2021-36160 None
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
25-09-2021 - 01:15 16-09-2021 - 15:15
CVE-2021-39275 None
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
25-09-2021 - 01:15 16-09-2021 - 15:15
CVE-2021-40438 None
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
25-09-2021 - 01:15 16-09-2021 - 15:15
CVE-2021-22004 4.4
An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper
25-09-2021 - 01:15 08-09-2021 - 15:15
CVE-2021-39251 6.9
A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.
25-09-2021 - 01:15 07-09-2021 - 15:15
CVE-2021-33289 6.9
In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.
25-09-2021 - 01:15 07-09-2021 - 14:15
CVE-2021-33287 6.9
In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application.
25-09-2021 - 01:15 07-09-2021 - 15:15
CVE-2021-39252 6.9
A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.
25-09-2021 - 01:15 07-09-2021 - 15:15
CVE-2021-35269 6.9
NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges.
25-09-2021 - 01:15 07-09-2021 - 14:15
CVE-2021-28701 4.4
Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, ar
25-09-2021 - 01:15 08-09-2021 - 14:15
CVE-2021-39254 6.9
A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22.
25-09-2021 - 01:15 07-09-2021 - 15:15
CVE-2021-21996 7.6
An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.
25-09-2021 - 01:15 08-09-2021 - 15:15
CVE-2021-35267 6.9
NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root.
25-09-2021 - 01:15 07-09-2021 - 15:15
CVE-2021-33285 6.9
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out
25-09-2021 - 01:15 07-09-2021 - 14:15
CVE-2021-39253 6.9
A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.
25-09-2021 - 01:15 07-09-2021 - 15:15
CVE-2021-35268 6.9
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges.
25-09-2021 - 01:15 07-09-2021 - 14:15
CVE-2021-35266 6.9
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution.
25-09-2021 - 01:15 07-09-2021 - 15:15
CVE-2021-39272 4.3
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.
25-09-2021 - 01:15 30-08-2021 - 06:15
CVE-2021-37695 3.5
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject malformed F
25-09-2021 - 01:15 13-08-2021 - 00:15
CVE-2021-32808 3.5
ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malform
25-09-2021 - 01:15 12-08-2021 - 17:15
CVE-2021-32809 3.5
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed to abuse paste functionali
25-09-2021 - 01:15 12-08-2021 - 17:15
CVE-2021-36221 4.3
Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.
25-09-2021 - 01:15 08-08-2021 - 06:15
CVE-2021-3673 5.0
A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS.
25-09-2021 - 01:15 02-08-2021 - 19:15
CVE-2021-32610 3.6
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
25-09-2021 - 01:15 30-07-2021 - 14:15
CVE-2019-17567 5.0
Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to p
25-09-2021 - 01:15 10-06-2021 - 07:15
CVE-2020-13950 5.0
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
25-09-2021 - 01:15 10-06-2021 - 07:15
CVE-2020-35452 6.8
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particula
25-09-2021 - 01:15 10-06-2021 - 07:15
CVE-2021-26690 5.0
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
25-09-2021 - 01:15 10-06-2021 - 07:15
CVE-2021-26691 7.5
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
25-09-2021 - 01:15 10-06-2021 - 07:15
CVE-2021-30641 5.0
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'
25-09-2021 - 01:15 10-06-2021 - 07:15
CVE-2021-33829 4.3
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.
25-09-2021 - 01:15 09-06-2021 - 12:15
CVE-2021-31607 4.6
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, a
25-09-2021 - 01:15 23-04-2021 - 06:15
CVE-2021-20208 4.9
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity
25-09-2021 - 01:15 19-04-2021 - 22:15
CVE-2021-27919 4.3
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.
25-09-2021 - 01:15 11-03-2021 - 00:15
CVE-2020-36193 5.0
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
25-09-2021 - 01:15 18-01-2021 - 20:15
CVE-2020-28949 6.8
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
25-09-2021 - 01:15 19-11-2020 - 19:15
CVE-2020-28948 6.8
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
25-09-2021 - 01:15 19-11-2020 - 19:15
CVE-2020-25658 4.3
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.
25-09-2021 - 01:15 12-11-2020 - 14:15
CVE-2021-21742 None
There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages.
25-09-2021 - 00:15 25-09-2021 - 00:15
CVE-2021-3770 4.6
vim is vulnerable to Heap-based Buffer Overflow
24-09-2021 - 23:15 06-09-2021 - 12:15
CVE-2021-30606 6.8
Chromium: CVE-2021-30606 Use after free in Blink
24-09-2021 - 23:15 03-09-2021 - 20:15
CVE-2021-30607 6.8
Chromium: CVE-2021-30607 Use after free in Permissions
24-09-2021 - 23:15 03-09-2021 - 20:15
CVE-2021-30608 6.8
Chromium: CVE-2021-30608 Use after free in Web Share
24-09-2021 - 23:15 03-09-2021 - 20:15
CVE-2021-30609 6.8
Chromium: CVE-2021-30609 Use after free in Sign-In
24-09-2021 - 23:15 03-09-2021 - 20:15
CVE-2021-30610 6.8
Chromium: CVE-2021-30610 Use after free in Extensions API
24-09-2021 - 23:15 03-09-2021 - 20:15
CVE-2021-30611 6.8
Chromium: CVE-2021-30611 Use after free in WebRTC
24-09-2021 - 23:15 03-09-2021 - 20:15
CVE-2021-30612 6.8
Chromium: CVE-2021-30612 Use after free in WebRTC
24-09-2021 - 23:15 03-09-2021 - 20:15
CVE-2021-30613 6.8
Chromium: CVE-2021-30613 Use after free in Base internals
24-09-2021 - 23:15 03-09-2021 - 20:15
Back to Top Mark selected
Back to Top