CVE-2021-20277
- EPSS 4.33%
- Veröffentlicht 12.05.2021 14:15:11
- Zuletzt bearbeitet 21.11.2024 05:46:16
A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is...
CVE-2021-32606
- EPSS 0.42%
- Veröffentlicht 11.05.2021 23:15:09
- Zuletzt bearbeitet 21.11.2024 06:07:21
In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)
CVE-2021-3504
- EPSS 1.92%
- Veröffentlicht 11.05.2021 23:15:09
- Zuletzt bearbeitet 21.11.2024 06:21:42
A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memor...
CVE-2021-31204
- EPSS 1.4%
- Veröffentlicht 11.05.2021 19:15:10
- Zuletzt bearbeitet 21.11.2024 06:05:17
.NET and Visual Studio Elevation of Privilege Vulnerability
CVE-2021-29471
- EPSS 1.65%
- Veröffentlicht 11.05.2021 15:15:08
- Zuletzt bearbeitet 21.11.2024 06:01:11
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will...
CVE-2020-13529
- EPSS 1.4%
- Veröffentlicht 10.05.2021 16:15:07
- Zuletzt bearbeitet 21.11.2024 05:01:26
An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and...
CVE-2021-32056
- EPSS 1.7%
- Veröffentlicht 10.05.2021 14:15:07
- Zuletzt bearbeitet 21.11.2024 06:06:46
Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.
CVE-2021-21419
- EPSS 1.81%
- Veröffentlicht 07.05.2021 15:15:07
- Zuletzt bearbeitet 21.11.2024 05:48:19
Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch i...
CVE-2021-31829
- EPSS 0.31%
- Veröffentlicht 06.05.2021 16:15:07
- Zuletzt bearbeitet 21.11.2024 06:06:18
kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against ...
CVE-2021-32052
- EPSS 3.15%
- Veröffentlicht 06.05.2021 16:15:07
- Zuletzt bearbeitet 21.11.2024 06:06:46
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, hea...