Количество 18 769
Количество 18 769
CVE-2021-29657
arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in nested_svm_vmrun.
CVE-2021-29650
CVE-2021-29649
CVE-2021-29648
CVE-2021-29647
CVE-2021-29646
CVE-2021-29623
CVE-2021-29622
Arbitrary redirects under /new endpoint
CVE-2021-29473
CVE-2021-29470
CVE-2021-29464
CVE-2021-29463
CVE-2021-29458
CVE-2021-29457
CVE-2021-29266
An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device aka CID-f6bbf0010ba0.
CVE-2021-29265
An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status aka CID-9380afd6df70.
CVE-2021-29264
An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled aka CID-d8861bab48b6.
CVE-2021-29157
Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver.
CVE-2021-29155
CVE-2021-29154
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
CVE-2021-29657 arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in nested_svm_vmrun. | CVSS3: 7.4 | 0% Низкий | больше 4 лет назад | |
CVSS3: 5.5 | 0% Низкий | почти 5 лет назад | ||
CVSS3: 5.5 | 0% Низкий | почти 5 лет назад | ||
CVSS3: 5.5 | 0% Низкий | почти 5 лет назад | ||
CVSS3: 5.5 | 0% Низкий | почти 5 лет назад | ||
CVSS3: 5.5 | 0% Низкий | почти 5 лет назад | ||
CVSS3: 3.3 | 0% Низкий | около 4 лет назад | ||
CVE-2021-29622 Arbitrary redirects under /new endpoint | CVSS3: 6.1 | 87% Высокий | около 4 лет назад | |
CVSS3: 2.5 | 0% Низкий | около 4 лет назад | ||
CVSS3: 6.5 | 0% Низкий | около 4 лет назад | ||
CVSS3: 7.8 | 0% Низкий | около 4 лет назад | ||
CVSS3: 5.5 | 0% Низкий | около 4 лет назад | ||
CVSS3: 5.5 | 0% Низкий | около 4 лет назад | ||
CVSS3: 7.8 | 2% Низкий | около 4 лет назад | ||
CVE-2021-29266 An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device aka CID-f6bbf0010ba0. | CVSS3: 7.8 | 0% Низкий | почти 5 лет назад | |
CVE-2021-29265 An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status aka CID-9380afd6df70. | CVSS3: 4.7 | 0% Низкий | почти 5 лет назад | |
CVE-2021-29264 An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled aka CID-d8861bab48b6. | CVSS3: 5.5 | 0% Низкий | почти 5 лет назад | |
CVE-2021-29157 Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver. | CVSS3: 5.5 | 0% Низкий | около 4 лет назад | |
CVSS3: 5.5 | 0% Низкий | почти 5 лет назад | ||
CVSS3: 7.8 | 0% Низкий | почти 5 лет назад |
Уязвимостей на страницу