CVE-2021-42376
- EPSS 0.4%
- Veröffentlicht 15.11.2021 21:15:07
- Zuletzt bearbeitet 21.11.2024 06:27:41
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered comman...
CVE-2021-42377
- EPSS 3.38%
- Veröffentlicht 15.11.2021 21:15:07
- Zuletzt bearbeitet 21.11.2024 06:27:41
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under...
CVE-2021-42378
- EPSS 2.54%
- Veröffentlicht 15.11.2021 21:15:07
- Zuletzt bearbeitet 03.11.2025 21:15:44
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function
CVE-2021-42379
- EPSS 2.58%
- Veröffentlicht 15.11.2021 21:15:07
- Zuletzt bearbeitet 03.11.2025 21:15:45
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function
CVE-2021-42380
- EPSS 2.79%
- Veröffentlicht 15.11.2021 21:15:07
- Zuletzt bearbeitet 03.11.2025 21:15:45
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function
CVE-2021-42381
- EPSS 2.58%
- Veröffentlicht 15.11.2021 21:15:07
- Zuletzt bearbeitet 03.11.2025 21:15:45
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function
CVE-2021-42382
- EPSS 2.54%
- Veröffentlicht 15.11.2021 21:15:07
- Zuletzt bearbeitet 03.11.2025 21:15:45
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function
CVE-2021-43616
- EPSS 2.53%
- Veröffentlicht 13.11.2021 18:15:07
- Zuletzt bearbeitet 21.11.2024 06:29:31
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers t...
CVE-2020-23903
- EPSS 0.94%
- Veröffentlicht 10.11.2021 22:15:11
- Zuletzt bearbeitet 21.11.2024 05:14:12
A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.
CVE-2021-43519
- EPSS 1.14%
- Veröffentlicht 09.11.2021 13:15:08
- Zuletzt bearbeitet 21.11.2024 06:29:20
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.