cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

CVE-2021-44026

Known exploited
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
Max CVSS
9.8
EPSS Score
0.59%
Published
2021-11-19
Updated
2021-12-16
CISA KEV Added
2023-06-22
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.
Max CVSS
9.8
EPSS Score
1.33%
Published
2021-11-15
Updated
2023-04-25

CVE-2021-37973

Known exploited
Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.56%
Published
2021-10-08
Updated
2024-02-15
CISA KEV Added
2021-11-03
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
Max CVSS
9.8
EPSS Score
0.48%
Published
2021-07-13
Updated
2023-01-31
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
Max CVSS
9.8
EPSS Score
1.39%
Published
2021-05-25
Updated
2022-11-08
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library which does not perform an overflow check before calling the calloc() heap allocation function. This issue only impacts systems with heap allocators that do not perform their own overflow checks. Most modern systems do and are therefore not likely to be affected. Furthermore, by default redis-sentinel uses the jemalloc allocator which is also not vulnerable. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14.
Max CVSS
9.0
EPSS Score
0.66%
Published
2021-10-04
Updated
2022-10-06
Flysystem is an open source file storage library for PHP. The whitespace normalisation used in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: a user is allowed to supply the path or filename of an uploaded file; the supplied path or filename is not checked against unicode chars; the supplied pathname is checked against an extension deny-list, not an allow-list; the supplied path or filename contains a unicode whitespace char in the extension; the uploaded file is stored in a directory that allows PHP code to be executed. Given these conditions are met, a user can upload and execute arbitrary code on the system under attack. The unicode whitespace removal has been replaced with a rejection (exception). For 1.x users, upgrade to 1.1.4. For 2.x users, upgrade to 2.1.1.
Max CVSS
9.8
EPSS Score
0.71%
Published
2021-06-24
Updated
2021-09-20
radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Missing input validation in radsecproxy's `naptr-eduroam.sh` and `radsec-dynsrv.sh` scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to information disclosure, denial of service, and redirection of RADIUS connections to a non-authenticated server, leading to non-authenticated network access. Updated example scripts are available in the master branch and 1.9 release. Note that the scripts are not part of the installation package and are not updated automatically. If you are using the examples, you have to update them manually. The dyndisc scripts work independently of the radsecproxy code. The updated scripts can be used with any version of radsecproxy.
Max CVSS
9.4
EPSS Score
0.29%
Published
2021-05-28
Updated
2022-08-19
Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.
Max CVSS
9.8
EPSS Score
1.41%
Published
2021-05-05
Updated
2021-05-26
An issue was discovered in the OAuth extension for MediaWiki through 1.35.2. MWOAuthConsumerSubmitControl.php does not ensure that the length of an RSA key will fit in a MySQL blob.
Max CVSS
9.8
EPSS Score
0.31%
Published
2021-08-12
Updated
2021-11-28
LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session.
Max CVSS
9.8
EPSS Score
9.74%
Published
2021-05-27
Updated
2021-09-23
In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.
Max CVSS
9.8
EPSS Score
1.69%
Published
2021-04-14
Updated
2022-11-03

CVE-2021-30633

Known exploited
Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.44%
Published
2021-10-08
Updated
2021-11-23
CISA KEV Added
2021-11-03
Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.30%
Published
2021-08-03
Updated
2021-12-10
In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again.
Max CVSS
9.8
EPSS Score
1.05%
Published
2021-04-11
Updated
2022-11-03
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.
Max CVSS
9.8
EPSS Score
2.00%
Published
2021-03-19
Updated
2021-04-19
xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.
Max CVSS
9.8
EPSS Score
4.38%
Published
2021-02-10
Updated
2022-09-30
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
Max CVSS
9.8
EPSS Score
1.45%
Published
2021-02-09
Updated
2022-05-06
.NET Core Remote Code Execution Vulnerability
Max CVSS
9.8
EPSS Score
8.07%
Published
2021-02-25
Updated
2023-12-29
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
Max CVSS
9.1
EPSS Score
0.35%
Published
2021-06-02
Updated
2021-12-01
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.
Max CVSS
9.1
EPSS Score
0.35%
Published
2021-06-02
Updated
2021-12-01
An issue was discovered in SaltStack Salt before 3002.5. The jinja renderer does not protect against server-side template injection attacks.
Max CVSS
9.8
EPSS Score
16.68%
Published
2021-02-27
Updated
2023-12-21

CVE-2021-25282

Public exploit
An issue was discovered in SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.
Max CVSS
9.1
EPSS Score
85.28%
Published
2021-02-27
Updated
2023-12-21

CVE-2021-25281

Public exploit
An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
Max CVSS
9.8
EPSS Score
87.41%
Published
2021-02-27
Updated
2023-12-21
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
Max CVSS
9.1
EPSS Score
0.53%
Published
2021-09-23
Updated
2024-03-27
101 vulnerabilities found