CVE-2021-23358
- EPSS 4.09%
- Veröffentlicht 29.03.2021 14:15:18
- Zuletzt bearbeitet 03.11.2025 22:15:47
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
CVE-2021-21332
- EPSS 1.22%
- Veröffentlicht 26.03.2021 20:15:11
- Zuletzt bearbeitet 21.11.2024 05:48:02
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulne...
CVE-2021-21333
- EPSS 1.39%
- Veröffentlicht 26.03.2021 20:15:11
- Zuletzt bearbeitet 21.11.2024 05:48:02
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the notification emails sent for notifications for misse...
- EPSS 0.83%
- Veröffentlicht 26.03.2021 17:15:13
- Zuletzt bearbeitet 21.11.2024 05:46:15
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corrupti...
- EPSS 8.74%
- Veröffentlicht 25.03.2021 19:15:15
- Zuletzt bearbeitet 21.11.2024 06:21:36
A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this v...
CVE-2021-3467
- EPSS 0.63%
- Veröffentlicht 25.03.2021 19:15:15
- Zuletzt bearbeitet 21.11.2024 06:21:36
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to cra...
CVE-2021-3443
- EPSS 0.76%
- Veröffentlicht 25.03.2021 19:15:14
- Zuletzt bearbeitet 21.11.2024 06:21:32
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when open...
CVE-2021-3446
- EPSS 0.15%
- Veröffentlicht 25.03.2021 19:15:14
- Zuletzt bearbeitet 21.11.2024 06:21:32
A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning th...
CVE-2021-3449
- EPSS 62.91%
- Veröffentlicht 25.03.2021 15:15:13
- Zuletzt bearbeitet 21.11.2024 06:21:33
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but incl...
CVE-2021-3450
- EPSS 18.34%
- Veröffentlicht 25.03.2021 15:15:13
- Zuletzt bearbeitet 21.11.2024 06:21:33
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly ...