CVE-2021-44731
- EPSS 0.95%
- Veröffentlicht 17.02.2022 23:15:07
- Zuletzt bearbeitet 21.11.2024 06:31:28
A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namesp...
CVE-2021-4120
- EPSS 0.44%
- Veröffentlicht 17.02.2022 23:15:07
- Zuletzt bearbeitet 21.11.2024 06:36:56
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape stri...
CVE-2022-0629
- EPSS 1.81%
- Veröffentlicht 17.02.2022 12:15:07
- Zuletzt bearbeitet 21.11.2024 06:39:04
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-25271
- EPSS 1.27%
- Veröffentlicht 16.02.2022 23:15:11
- Zuletzt bearbeitet 21.11.2024 06:51:55
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but...
CVE-2022-25258
- EPSS 0.93%
- Veröffentlicht 16.02.2022 20:15:07
- Zuletzt bearbeitet 21.11.2024 06:51:53
An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function ...
CVE-2021-3578
- EPSS 1.04%
- Veröffentlicht 16.02.2022 19:15:08
- Zuletzt bearbeitet 21.11.2024 06:21:53
A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. ...
CVE-2021-3752
- EPSS 1.74%
- Veröffentlicht 16.02.2022 19:15:08
- Zuletzt bearbeitet 21.11.2024 06:22:20
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The...
CVE-2021-3760
- EPSS 0.35%
- Veröffentlicht 16.02.2022 19:15:08
- Zuletzt bearbeitet 21.11.2024 06:22:21
A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.
CVE-2021-3773
- EPSS 5.28%
- Veröffentlicht 16.02.2022 19:15:08
- Zuletzt bearbeitet 28.03.2025 15:15:41
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.
CVE-2021-3781
- EPSS 83.91%
- Veröffentlicht 16.02.2022 19:15:08
- Zuletzt bearbeitet 21.11.2024 06:22:24
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the...