CVE-2021-32688
- EPSS 2.31%
- Veröffentlicht 12.07.2021 14:15:08
- Zuletzt bearbeitet 21.11.2024 06:07:32
Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server supports application specific tokens for authentication purposes. These tokens are supposed to be granted to a specific applications (e.g. DAV sync clients), and can ...
CVE-2021-32679
- EPSS 1.37%
- Veröffentlicht 12.07.2021 13:15:08
- Zuletzt bearbeitet 21.11.2024 06:07:30
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames where not escaped by default in controllers using `DownloadResponse`. When a user-supplied filename was passed unsanitized...
CVE-2021-36377
- EPSS 0.57%
- Veröffentlicht 12.07.2021 13:15:08
- Zuletzt bearbeitet 21.11.2024 06:13:38
Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation.
CVE-2021-32678
- EPSS 1.37%
- Veröffentlicht 12.07.2021 13:15:07
- Zuletzt bearbeitet 21.11.2024 06:07:30
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller (`OCSController`) using the `@BruteForceProtect...
CVE-2021-3612
- EPSS 0.69%
- Veröffentlicht 09.07.2021 11:15:09
- Zuletzt bearbeitet 21.11.2024 06:21:58
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privi...
CVE-2021-3570
- EPSS 2.96%
- Veröffentlicht 09.07.2021 11:15:08
- Zuletzt bearbeitet 21.11.2024 06:21:52
A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat f...
CVE-2021-3571
- EPSS 1.9%
- Veröffentlicht 09.07.2021 11:15:08
- Zuletzt bearbeitet 21.11.2024 06:21:52
A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The...
CVE-2021-21779
- EPSS 2.91%
- Veröffentlicht 08.07.2021 12:15:09
- Zuletzt bearbeitet 21.11.2024 05:48:57
A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into v...
- EPSS 1.27%
- Veröffentlicht 07.07.2021 22:15:07
- Zuletzt bearbeitet 21.11.2024 05:48:56
A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger...
CVE-2021-32740
- EPSS 2.2%
- Veröffentlicht 06.07.2021 15:15:07
- Zuletzt bearbeitet 21.11.2024 06:07:38
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementatio...