CVE-2021-43975
- EPSS 0.51%
- Veröffentlicht 17.11.2021 17:15:08
- Zuletzt bearbeitet 21.11.2024 06:30:07
In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.
CVE-2021-43976
- EPSS 0.64%
- Veröffentlicht 17.11.2021 17:15:08
- Zuletzt bearbeitet 21.11.2024 06:30:07
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).
CVE-2021-22959
- EPSS 2.94%
- Veröffentlicht 15.11.2021 15:15:06
- Zuletzt bearbeitet 21.11.2024 05:51:01
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
CVE-2021-43618
- EPSS 3.43%
- Veröffentlicht 15.11.2021 04:15:06
- Zuletzt bearbeitet 21.11.2024 06:29:31
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
CVE-2021-3918
- EPSS 3.56%
- Veröffentlicht 13.11.2021 09:15:06
- Zuletzt bearbeitet 17.01.2025 20:15:26
json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-41229
- EPSS 1.1%
- Veröffentlicht 12.11.2021 23:15:08
- Zuletzt bearbeitet 04.11.2025 16:15:44
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory l...
CVE-2021-43331
- EPSS 1.28%
- Veröffentlicht 12.11.2021 21:15:07
- Zuletzt bearbeitet 21.11.2024 06:29:05
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.
CVE-2021-43332
- EPSS 1.07%
- Veröffentlicht 12.11.2021 21:15:07
- Zuletzt bearbeitet 21.11.2024 06:29:06
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.
CVE-2021-3911
- EPSS 0.88%
- Veröffentlicht 11.11.2021 22:15:08
- Zuletzt bearbeitet 21.11.2024 06:22:45
If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash.
CVE-2021-3912
- EPSS 0.82%
- Veröffentlicht 11.11.2021 22:15:08
- Zuletzt bearbeitet 21.11.2024 06:22:45
OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash).