CVE-2021-3281
- EPSS 7.61%
- Veröffentlicht 02.02.2021 07:15:14
- Zuletzt bearbeitet 21.11.2024 06:21:12
In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative path...
CVE-2020-28493
- EPSS 3.55%
- Veröffentlicht 01.02.2021 20:15:12
- Zuletzt bearbeitet 21.11.2024 05:22:54
This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punct...
CVE-2021-3347
- EPSS 1.38%
- Veröffentlicht 29.01.2021 17:15:12
- Zuletzt bearbeitet 25.02.2026 18:16:53
An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.
CVE-2021-3325
- EPSS 2.23%
- Veröffentlicht 27.01.2021 19:15:13
- Zuletzt bearbeitet 21.11.2024 06:21:17
Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that so...
CVE-2021-3272
- EPSS 1.11%
- Veröffentlicht 27.01.2021 08:15:10
- Zuletzt bearbeitet 21.11.2024 06:21:11
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.
CVE-2021-3156
- EPSS 99.3%
- Veröffentlicht 26.01.2021 21:15:12
- Zuletzt bearbeitet 10.11.2025 14:41:45
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CVE-2021-3308
- EPSS 0.42%
- Veröffentlicht 26.01.2021 20:15:12
- Zuletzt bearbeitet 21.11.2024 06:21:15
An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and en...
CVE-2021-3114
- EPSS 2.69%
- Veröffentlicht 26.01.2021 18:16:27
- Zuletzt bearbeitet 21.11.2024 06:20:54
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
CVE-2021-3115
- EPSS 6.5%
- Veröffentlicht 26.01.2021 18:16:27
- Zuletzt bearbeitet 21.11.2024 06:20:54
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted dow...
CVE-2020-25686
- EPSS 4.87%
- Veröffentlicht 20.01.2021 17:15:13
- Zuletzt bearbeitet 04.11.2025 20:15:57
A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers...