| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2021-32921 |
362 |
|
|
2021-05-13 |
2022-05-16 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker. |
|
2 |
CVE-2021-32920 |
|
|
|
2021-05-13 |
2022-07-12 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests. |
|
3 |
CVE-2021-32919 |
295 |
|
|
2021-05-13 |
2021-05-26 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another server (when this option is enabled). |
|
4 |
CVE-2021-32918 |
400 |
|
|
2021-05-13 |
2021-05-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3. |
|
5 |
CVE-2021-32917 |
862 |
|
|
2021-05-13 |
2021-06-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth. |
|
6 |
CVE-2021-32606 |
416 |
|
|
2021-05-11 |
2021-09-07 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.) |
|
7 |
CVE-2021-31829 |
863 |
|
|
2021-05-06 |
2022-01-01 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel. |
|
8 |
CVE-2021-31800 |
22 |
|
Exec Code Dir. Trav. |
2021-05-05 |
2021-05-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key. |
|
9 |
CVE-2021-31204 |
|
|
|
2021-05-11 |
2022-05-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
.NET and Visual Studio Elevation of Privilege Vulnerability |
|
10 |
CVE-2021-31162 |
415 |
|
|
2021-04-14 |
2022-11-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics. |
|
11 |
CVE-2021-30184 |
120 |
|
Exec Code Overflow |
2021-04-07 |
2022-05-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc. |
|
12 |
CVE-2021-30178 |
476 |
|
|
2021-04-07 |
2021-06-04 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987. |
|
13 |
CVE-2021-29650 |
|
|
DoS |
2021-03-30 |
2022-05-16 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf. |
|
14 |
CVE-2021-29649 |
401 |
|
|
2021-03-30 |
2021-04-05 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677. |
|
15 |
CVE-2021-29648 |
307 |
|
|
2021-03-30 |
2021-04-05 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unexpected access attempt (in map_create in kernel/bpf/syscall.c or check_btf_info in kernel/bpf/verifier.c), aka CID-350a5c4dd245. |
|
16 |
CVE-2021-29647 |
909 |
|
+Info |
2021-03-30 |
2022-07-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. |
|
17 |
CVE-2021-29646 |
|
|
|
2021-03-30 |
2021-04-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8. |
|
18 |
CVE-2021-29424 |
863 |
|
Bypass |
2021-04-06 |
2021-06-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. |
|
19 |
CVE-2021-29421 |
611 |
|
|
2021-04-01 |
2022-12-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries. |
|
20 |
CVE-2021-29155 |
125 |
|
+Info |
2021-04-20 |
2022-04-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations. |
|
21 |
CVE-2021-28972 |
120 |
|
Overflow |
2021-03-22 |
2022-06-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8. |
|
22 |
CVE-2021-28971 |
755 |
|
|
2021-03-22 |
2022-07-12 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. |
|
23 |
CVE-2021-28964 |
362 |
|
DoS |
2021-03-22 |
2022-06-30 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. |
|
24 |
CVE-2021-28952 |
120 |
|
Overflow |
2021-03-20 |
2022-05-12 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.) |
|
25 |
CVE-2021-28951 |
667 |
|
DoS |
2021-03-20 |
2022-05-12 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. |
|
26 |
CVE-2021-28879 |
190 |
|
Overflow |
2021-04-11 |
2022-11-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again. |
|
27 |
CVE-2021-28878 |
119 |
|
Overflow |
2021-04-11 |
2022-11-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. |
|
28 |
CVE-2021-28876 |
755 |
|
|
2021-04-11 |
2022-11-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. |
|
29 |
CVE-2021-28834 |
|
|
|
2021-03-19 |
2021-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. |
|
30 |
CVE-2021-28831 |
755 |
|
|
2021-03-19 |
2022-05-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. |
|
31 |
CVE-2021-28375 |
862 |
|
|
2021-03-15 |
2023-02-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308. |
|
32 |
CVE-2021-28163 |
59 |
|
|
2021-04-01 |
2022-05-12 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory. |
|
33 |
CVE-2021-27923 |
20 |
|
DoS |
2021-03-03 |
2022-07-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. |
|
34 |
CVE-2021-27922 |
20 |
|
DoS |
2021-03-03 |
2022-07-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. |
|
35 |
CVE-2021-27921 |
20 |
|
DoS |
2021-03-03 |
2022-07-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. |
|
36 |
CVE-2021-27906 |
|
|
|
2021-03-19 |
2022-09-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. |
|
37 |
CVE-2021-27815 |
476 |
|
DoS |
2021-04-14 |
2022-11-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file, causing the application to crash. |
|
38 |
CVE-2021-27807 |
834 |
|
|
2021-03-19 |
2022-09-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. |
|
39 |
CVE-2021-27803 |
|
|
DoS Exec Code |
2021-02-26 |
2022-05-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. |
|
40 |
CVE-2021-27291 |
|
|
DoS |
2021-03-17 |
2022-05-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service. |
|
41 |
CVE-2021-26937 |
88 |
|
DoS |
2021-02-09 |
2022-05-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. |
|
42 |
CVE-2021-26934 |
|
|
|
2021-02-17 |
2021-03-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry. |
|
43 |
CVE-2021-26933 |
|
|
Bypass |
2021-02-17 |
2022-05-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones during scrubbing) have reached the memory before handing over the page to a guest. Unfortunately, the operation to clean the cache is happening before checking if the page was scrubbed. Therefore there is no guarantee when all the writes will reach the memory. |
|
44 |
CVE-2021-26932 |
|
|
|
2021-02-17 |
2022-07-28 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. |
|
45 |
CVE-2021-26931 |
770 |
|
|
2021-02-17 |
2022-06-04 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c. |
|
46 |
CVE-2021-26930 |
|
|
|
2021-02-17 |
2022-01-04 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. |
|
47 |
CVE-2021-26927 |
476 |
|
DoS |
2021-02-23 |
2021-03-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service. |
|
48 |
CVE-2021-26926 |
125 |
|
|
2021-02-23 |
2021-03-22 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash. |
|
49 |
CVE-2021-26925 |
79 |
|
XSS |
2021-02-09 |
2022-03-10 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. |
|
50 |
CVE-2021-26813 |
|
|
DoS |
2021-03-03 |
2022-05-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time. |
