CVE-2021-23841
- EPSS 7.47%
- Veröffentlicht 16.02.2021 17:15:13
- Zuletzt bearbeitet 21.11.2024 05:51:55
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while...
CVE-2021-27229
- EPSS 3.2%
- Veröffentlicht 16.02.2021 04:15:12
- Zuletzt bearbeitet 21.11.2024 05:57:38
Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text.
CVE-2021-27218
- EPSS 4.08%
- Veröffentlicht 15.02.2021 17:15:13
- Zuletzt bearbeitet 21.11.2024 05:57:37
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
CVE-2021-27219
- EPSS 2.99%
- Veröffentlicht 15.02.2021 17:15:13
- Zuletzt bearbeitet 21.11.2024 05:57:37
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corrupti...
CVE-2021-23336
- EPSS 35.96%
- Veröffentlicht 15.02.2021 13:15:12
- Zuletzt bearbeitet 17.12.2025 22:15:55
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector c...
CVE-2020-7071
- EPSS 2.98%
- Veröffentlicht 15.02.2021 04:15:12
- Zuletzt bearbeitet 21.11.2024 05:36:37
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL be...
CVE-2021-21702
- EPSS 3.18%
- Veröffentlicht 15.02.2021 04:15:12
- Zuletzt bearbeitet 21.11.2024 05:48:51
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer a...
CVE-2021-26929
- EPSS 4.94%
- Veröffentlicht 14.02.2021 04:15:12
- Zuletzt bearbeitet 21.11.2024 05:57:04
An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled...
CVE-2021-27212
- EPSS 64.15%
- Veröffentlicht 14.02.2021 03:15:12
- Zuletzt bearbeitet 21.11.2024 05:57:36
In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to s...
CVE-2021-21311
- EPSS 90.07%
- Veröffentlicht 11.02.2021 21:15:13
- Zuletzt bearbeitet 24.10.2025 14:48:35
Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected....