CVE-2021-28677
- EPSS 2.29%
- Veröffentlicht 02.06.2021 16:15:08
- Zuletzt bearbeitet 21.11.2024 06:00:06
An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking...
CVE-2021-28678
- EPSS 0.73%
- Veröffentlicht 02.06.2021 16:15:08
- Zuletzt bearbeitet 21.11.2024 06:00:06
An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty dat...
CVE-2019-12067
- EPSS 0.31%
- Veröffentlicht 02.06.2021 15:15:07
- Zuletzt bearbeitet 21.11.2024 04:22:10
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
CVE-2021-28675
- EPSS 0.96%
- Veröffentlicht 02.06.2021 15:15:07
- Zuletzt bearbeitet 21.11.2024 06:00:05
An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.
- EPSS 0.28%
- Veröffentlicht 02.06.2021 14:15:07
- Zuletzt bearbeitet 21.11.2024 05:27:26
A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This fla...
CVE-2021-3516
- EPSS 1.99%
- Veröffentlicht 01.06.2021 14:15:10
- Zuletzt bearbeitet 21.11.2024 06:21:43
There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availabi...
CVE-2021-3543
- EPSS 0.3%
- Veröffentlicht 01.06.2021 14:15:10
- Zuletzt bearbeitet 21.11.2024 06:21:48
A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privil...
CVE-2021-23017
- EPSS 53.46%
- Veröffentlicht 01.06.2021 13:15:07
- Zuletzt bearbeitet 21.11.2024 05:51:09
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
CVE-2021-29505
- EPSS 77.74%
- Veröffentlicht 28.05.2021 21:15:08
- Zuletzt bearbeitet 30.05.2025 00:15:20
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input str...
CVE-2021-32642
- EPSS 1.33%
- Veröffentlicht 28.05.2021 17:15:07
- Zuletzt bearbeitet 21.11.2024 06:07:26
radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Missing input validation in radsecproxy's `naptr-eduroam.sh` and `radsec-dynsrv.sh` scripts can lead to configuration injection via crafted radsec peer d...