CVE-2021-40153
- EPSS 2.5%
- Veröffentlicht 27.08.2021 15:15:09
- Zuletzt bearbeitet 21.11.2024 06:23:40
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination dire...
CVE-2021-3605
- EPSS 1.01%
- Veröffentlicht 25.08.2021 19:15:14
- Zuletzt bearbeitet 21.11.2024 06:21:57
There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to appli...
CVE-2021-3573
- EPSS 0.37%
- Veröffentlicht 13.08.2021 14:15:07
- Zuletzt bearbeitet 21.11.2024 06:21:52
A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_bl...
CVE-2021-3635
- EPSS 0.24%
- Veröffentlicht 13.08.2021 14:15:07
- Zuletzt bearbeitet 21.11.2024 06:22:02
A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.
CVE-2021-20314
- EPSS 2.81%
- Veröffentlicht 12.08.2021 15:15:07
- Zuletzt bearbeitet 21.11.2024 05:46:21
Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.
CVE-2021-38160
- EPSS 0.4%
- Veröffentlicht 07.08.2021 04:15:06
- Zuletzt bearbeitet 05.05.2025 14:12:40
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is...
CVE-2021-3655
- EPSS 0.31%
- Veröffentlicht 05.08.2021 21:15:13
- Zuletzt bearbeitet 21.11.2024 06:22:05
A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.
CVE-2021-3580
- EPSS 2.69%
- Veröffentlicht 05.08.2021 21:15:12
- Zuletzt bearbeitet 21.11.2024 06:21:53
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.
CVE-2021-3679
- EPSS 0.73%
- Veröffentlicht 05.08.2021 20:15:09
- Zuletzt bearbeitet 21.11.2024 06:22:08
A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw ...
CVE-2021-3682
- EPSS 2.9%
- Veröffentlicht 05.08.2021 20:15:09
- Zuletzt bearbeitet 21.11.2024 06:22:09
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this fla...