Count: 18,769
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2021-3733 There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as a web browser) connects to could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. | CVSS3: 6.5 | 1% Low | more than 3 years ago |
| CVE-2021-3732 A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible. | CVSS3: 5.5 | 0% Low | almost 4 years ago |
| CVE-2021-37322 | CVSS3: 7.8 | 0% Low | about 4 years ago |
| CVE-2021-3716 A flaw was found in nbdkit due to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability. | CVSS3: 3.1 | 0% Low | 4 months ago |
| CVE-2021-37159 hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state leading to a use-after-free and a double free. | CVSS3: 6.4 | 0% Low | more than 4 years ago |
| CVE-2021-3713 | CVSS3: 7.4 | 0% Low | almost 3 years ago |
| CVE-2021-3712 | CVSS3: 7.4 | 0% Low | more than 4 years ago |
| CVE-2021-3711 OpenSSL: CVE-2021-3711 SM2 Decryption Buffer Overflow | | 3% Low | more than 4 years ago |
| CVE-2021-3700 | CVSS3: 6.4 | 0% Low | almost 4 years ago |
| CVE-2021-3698 A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality. | CVSS3: 7.5 | 0% Low | almost 4 years ago |
| CVE-2021-36980 Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. | CVSS3: 5.5 | 0% Low | more than 4 years ago |
| CVE-2021-3697 | CVSS3: 7 | 0% Low | more than 2 years ago |
| CVE-2021-36976 Libarchive Remote Code Execution Vulnerability | | 0% Low | about 4 years ago |
| CVE-2021-36975 Win32k Elevation of Privilege Vulnerability | CVSS3: 7.8 | 0% Low | more than 4 years ago |
| CVE-2021-36974 Windows SMB Elevation of Privilege Vulnerability | CVSS3: 7.8 | 0% Low | more than 4 years ago |
| CVE-2021-36973 Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability | CVSS3: 7.8 | 0% Low | more than 4 years ago |
| CVE-2021-36972 Windows SMB Information Disclosure Vulnerability | CVSS3: 5.5 | 0% Low | more than 4 years ago |
| CVE-2021-36970 Windows Print Spooler Spoofing Vulnerability | CVSS3: 8.8 | 15% Medium | more than 4 years ago |
| CVE-2021-3696 | CVSS3: 4.5 | 0% Low | more than 2 years ago |
| CVE-2021-36969 Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | CVSS3: 5.5 | 0% Low | more than 4 years ago |