CVE-2021-32918
- EPSS 2.87%
- Published 13.05.2021 16:15:08
- Last modified 21.11.2024 06:07:55
An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3.
CVE-2021-32919
- EPSS 0.34%
- Published 13.05.2021 16:15:08
- Last modified 21.11.2024 06:07:55
An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, al...
CVE-2021-32920
- EPSS 3.29%
- Published 13.05.2021 16:15:08
- Last modified 21.11.2024 06:07:55
Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests.
CVE-2021-32921
- EPSS 3.8%
- Published 13.05.2021 16:15:08
- Last modified 21.11.2024 06:07:55
An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret str...
CVE-2021-21424
- EPSS 0.27%
- Published 13.05.2021 16:15:07
- Last modified 21.11.2024 05:48:20
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when att...
CVE-2020-25713
- EPSS 0.47%
- Published 13.05.2021 15:15:07
- Last modified 21.11.2024 05:18:33
A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common.
CVE-2020-27823
- EPSS 0.04%
- Published 13.05.2021 15:15:07
- Last modified 21.11.2024 05:21:52
A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availab...
CVE-2020-14354
- EPSS 0.17%
- Published 13.05.2021 14:15:17
- Last modified 21.11.2024 05:03:04
A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this v...
CVE-2020-27824
- EPSS 0.25%
- Published 13.05.2021 14:15:17
- Last modified 21.11.2024 05:21:52
A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to s...
CVE-2021-31215
- EPSS 0.7%
- Published 13.05.2021 06:15:07
- Last modified 21.11.2024 06:05:18
SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.