Количество 18 824
Количество 18 824
CVE-2021-43766
Odyssey passes to server unencrypted bytes from man-in-the-middle When Odyssey is configured to use certificate Common Name for client authentication a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established despite the use of SSL certificate verification and encryption. This is similar to CVE-2021-23214 for PostgreSQL.
CVE-2021-43666
A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.
CVE-2021-43618
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input leading to a segmentation fault on 32-bit platforms.
CVE-2021-43566
CVE-2021-43565
CVE-2021-43527
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS S/MIME PKCS \#7 or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS X.509 OCSP or CRL functionality may be impacted depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However email clients and PDF viewers that use NSS for signature verification such as Thunderbird LibreOffice Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.
CVE-2021-43523
In uClibc and uClibc-ng before 1.0.39 incorrect handling of special characters in domain names returned by DNS servers via gethostbyname getaddrinfo gethostbyaddr and getnameinfo can lead to output of wrong hostnames (leading to domain hijacking) or injection into applications (leading to remote code execution XSS applications crashes etc.). In other words a validation step which is expected in any stub resolver does not occur.
CVE-2021-43519
CVE-2021-43396
CVE-2021-43389
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.
CVE-2021-43267
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.
CVE-2021-43256
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-43255
Microsoft Office Trust Center Spoofing Vulnerability
CVE-2021-43248
Windows Digital Media Receiver Elevation of Privilege Vulnerability
CVE-2021-43247
Windows TCP/IP Driver Elevation of Privilege Vulnerability
CVE-2021-43246
Windows Hyper-V Denial of Service Vulnerability
CVE-2021-43245
Windows Digital TV Tuner Elevation of Privilege Vulnerability
CVE-2021-43244
Windows Kernel Information Disclosure Vulnerability
CVE-2021-43243
VP9 Video Extensions Information Disclosure Vulnerability
CVE-2021-43242
Microsoft SharePoint Server Spoofing Vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-43766 Odyssey passes to server unencrypted bytes from man-in-the-middle When Odyssey is configured to use certificate Common Name for client authentication a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established despite the use of SSL certificate verification and encryption. This is similar to CVE-2021-23214 for PostgreSQL. | CVSS3: 8.1 | 0% Низкий | больше 3 лет назад |
| CVE-2021-43666 A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0. | 1% Низкий | 5 месяцев назад | |
| CVE-2021-43618 GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input leading to a segmentation fault on 32-bit platforms. | CVSS3: 7.5 | 0% Низкий | около 4 лет назад |
| CVSS3: 2.5 | 0% Низкий | больше 1 года назад | |
| CVSS3: 7.5 | 0% Низкий | около 1 года назад | |
| CVE-2021-43527 NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS S/MIME PKCS \#7 or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS X.509 OCSP or CRL functionality may be impacted depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However email clients and PDF viewers that use NSS for signature verification such as Thunderbird LibreOffice Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1. | CVSS3: 9.8 | 5% Низкий | около 4 лет назад |
| CVE-2021-43523 In uClibc and uClibc-ng before 1.0.39 incorrect handling of special characters in domain names returned by DNS servers via gethostbyname getaddrinfo gethostbyaddr and getnameinfo can lead to output of wrong hostnames (leading to domain hijacking) or injection into applications (leading to remote code execution XSS applications crashes etc.). In other words a validation step which is expected in any stub resolver does not occur. | CVSS3: 9.6 | 3% Низкий | около 4 лет назад |
| CVSS3: 5.5 | 0% Низкий | около 4 лет назад | |
| CVSS3: 7.5 | 1% Низкий | около 4 лет назад | |
| CVE-2021-43389 An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. | CVSS3: 5.5 | 0% Низкий | больше 4 лет назад |
| CVE-2021-43267 An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type. | CVSS3: 9.8 | 73% Высокий | больше 4 лет назад |
| CVE-2021-43256 Microsoft Excel Remote Code Execution Vulnerability | CVSS3: 7.8 | 1% Низкий | около 4 лет назад |
| CVE-2021-43255 Microsoft Office Trust Center Spoofing Vulnerability | CVSS3: 5.5 | 1% Низкий | около 4 лет назад |
| CVE-2021-43248 Windows Digital Media Receiver Elevation of Privilege Vulnerability | CVSS3: 7.8 | 0% Низкий | около 4 лет назад |
| CVE-2021-43247 Windows TCP/IP Driver Elevation of Privilege Vulnerability | CVSS3: 7.8 | 1% Низкий | около 4 лет назад |
| CVE-2021-43246 Windows Hyper-V Denial of Service Vulnerability | CVSS3: 5.6 | 0% Низкий | около 4 лет назад |
| CVE-2021-43245 Windows Digital TV Tuner Elevation of Privilege Vulnerability | CVSS3: 7.8 | 0% Низкий | около 4 лет назад |
| CVE-2021-43244 Windows Kernel Information Disclosure Vulnerability | CVSS3: 6.5 | 0% Низкий | около 4 лет назад |
| CVE-2021-43243 VP9 Video Extensions Information Disclosure Vulnerability | 0% Низкий | около 4 лет назад | |
| CVE-2021-43242 Microsoft SharePoint Server Spoofing Vulnerability | CVSS3: 7.6 | 1% Низкий | около 4 лет назад |
Уязвимостей на страницу