Количество 18 769
Количество 18 769
CVE-2021-33644
CVE-2021-33643
CVE-2021-33640
CVE-2021-33624
In kernel/bpf/verifier.c in the Linux kernel before 5.12.13 a branch can be mispredicted (e.g. because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack aka CID-9183671af6db.
CVE-2021-33574
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller leading to a denial of service (application crash) or possibly unspecified other impact.
CVE-2021-33560
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm and the window size is not chosen appropriately. This for example affects use of ElGamal in OpenPGP.
CVE-2021-33515
The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.
CVE-2021-33503
An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component the authority regular expression exhibits catastrophic backtracking causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
CVE-2021-3348
nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup aka CID-b98e762e3d71.
CVE-2021-3347
An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling allowing local users to execute code in the kernel aka CID-34b1a1ce1458.
CVE-2021-33468
An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/preprocs/nasm/nasm-pp.c.
CVE-2021-33467
An issue was discovered in yasm version 1.3.0. There is a use-after-free in pp_getline() in modules/preprocs/nasm/nasm-pp.c.
CVE-2021-33466
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_smacro() in modules/preprocs/nasm/nasm-pp.c.
CVE-2021-33465
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmacro() in modules/preprocs/nasm/nasm-pp.c.
CVE-2021-33464
An issue was discovered in yasm version 1.3.0. There is a heap-buffer-overflow in inc_fopen() in modules/preprocs/nasm/nasm-pp.c.
CVE-2021-33463
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr__copy_except() in libyasm/expr.c.
CVE-2021-33462
An issue was discovered in yasm version 1.3.0. There is a use-after-free in expr_traverse_nodes_post() in libyasm/expr.c.
CVE-2021-33461
An issue was discovered in yasm version 1.3.0. There is a use-after-free in yasm_intnum_destroy() in libyasm/intnum.c.
CVE-2021-33460
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in if_condition() in modules/preprocs/nasm/nasm-pp.c.
CVE-2021-33459
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasm_parser_directive() in modules/parsers/nasm/nasm-parse.c.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVSS3: 8.1 | 0% Низкий | больше 3 лет назад | |
| CVSS3: 9.1 | 0% Низкий | больше 3 лет назад | |
| CVSS3: 9.8 | 0% Низкий | около 3 лет назад | |
| CVE-2021-33624 In kernel/bpf/verifier.c in the Linux kernel before 5.12.13 a branch can be mispredicted (e.g. because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack aka CID-9183671af6db. | CVSS3: 4.7 | 0% Низкий | больше 4 лет назад |
| CVE-2021-33574 The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller leading to a denial of service (application crash) or possibly unspecified other impact. | CVSS3: 9.8 | 0% Низкий | больше 4 лет назад |
| CVE-2021-33560 Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm and the window size is not chosen appropriately. This for example affects use of ElGamal in OpenPGP. | CVSS3: 7.5 | 0% Низкий | больше 4 лет назад |
| CVE-2021-33515 The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address. | CVSS3: 4.8 | 4% Низкий | около 4 лет назад |
| CVE-2021-33503 An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component the authority regular expression exhibits catastrophic backtracking causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. | CVSS3: 7.5 | 1% Низкий | больше 4 лет назад |
| CVE-2021-3348 nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup aka CID-b98e762e3d71. | CVSS3: 7 | 0% Низкий | около 5 лет назад |
| CVE-2021-3347 An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling allowing local users to execute code in the kernel aka CID-34b1a1ce1458. | CVSS3: 7.8 | 0% Низкий | около 5 лет назад |
| CVE-2021-33468 An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/preprocs/nasm/nasm-pp.c. | CVSS3: 5.5 | 0% Низкий | 5 месяцев назад |
| CVE-2021-33467 An issue was discovered in yasm version 1.3.0. There is a use-after-free in pp_getline() in modules/preprocs/nasm/nasm-pp.c. | CVSS3: 5.5 | 0% Низкий | 5 месяцев назад |
| CVE-2021-33466 An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_smacro() in modules/preprocs/nasm/nasm-pp.c. | CVSS3: 5.5 | 0% Низкий | 5 месяцев назад |
| CVE-2021-33465 An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmacro() in modules/preprocs/nasm/nasm-pp.c. | CVSS3: 5.5 | 0% Низкий | 5 месяцев назад |
| CVE-2021-33464 An issue was discovered in yasm version 1.3.0. There is a heap-buffer-overflow in inc_fopen() in modules/preprocs/nasm/nasm-pp.c. | CVSS3: 5.5 | 0% Низкий | 5 месяцев назад |
| CVE-2021-33463 An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr__copy_except() in libyasm/expr.c. | CVSS3: 5.5 | 0% Низкий | 5 месяцев назад |
| CVE-2021-33462 An issue was discovered in yasm version 1.3.0. There is a use-after-free in expr_traverse_nodes_post() in libyasm/expr.c. | CVSS3: 5.5 | 0% Низкий | 5 месяцев назад |
| CVE-2021-33461 An issue was discovered in yasm version 1.3.0. There is a use-after-free in yasm_intnum_destroy() in libyasm/intnum.c. | CVSS3: 5.5 | 0% Низкий | 5 месяцев назад |
| CVE-2021-33460 An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in if_condition() in modules/preprocs/nasm/nasm-pp.c. | CVSS3: 5.5 | 0% Низкий | 5 месяцев назад |
| CVE-2021-33459 An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasm_parser_directive() in modules/parsers/nasm/nasm-parse.c. | CVSS3: 5.5 | 0% Низкий | 5 месяцев назад |
Уязвимостей на страницу