# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1 | CVE-2021-44026 | 89 | | Sql | 2021-11-19 | 2021-12-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. |
2 | CVE-2021-44025 | 79 | | XSS | 2021-11-19 | 2021-12-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message. |
3 | CVE-2021-43056 | | | | 2021-10-28 | 2021-11-28 | 4.9 | None | Local | Low | Not required | None | None | Complete |
An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. |
4 | CVE-2021-42782 | 787 | | Overflow | 2022-04-18 | 2022-09-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library. |
5 | CVE-2021-42781 | 787 | | Overflow | 2022-04-18 | 2022-09-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library. |
6 | CVE-2021-42780 | 252 | | | 2022-04-18 | 2022-09-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library. |
7 | CVE-2021-42779 | 416 | | | 2022-04-18 | 2022-09-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid. |
8 | CVE-2021-42778 | 415 | | | 2022-04-18 | 2022-09-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo. |
9 | CVE-2021-42762 | | | Bypass | 2021-10-20 | 2021-11-26 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. |
10 | CVE-2021-42739 | 787 | | Overflow | 2021-10-20 | 2022-11-07 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. |
11 | CVE-2021-42716 | 120 | | Overflow | 2021-10-21 | 2022-05-13 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial |
An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location. |
12 | CVE-2021-42715 | 835 | | DoS | 2021-10-21 | 2023-02-22 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files. |
13 | CVE-2021-42574 | 94 | | | 2021-11-01 | 2022-10-25 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
** DISPUTED ** An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard and the Unicode Bidirectional Algorithm (all versions). Due to text display behavior when text includes left-to-right and right-to-left characters, the visual order of tokens may be different from their logical order. Additionally, control characters needed to fully support the requirements of bidirectional text can further obfuscate the logical order of tokens. Unless mitigated, an adversary could craft source code such that the ordering of tokens perceived by human reviewers does not match what will be processed by a compiler/interpreter/etc. The Unicode Consortium has documented this class of vulnerability in its document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms, and in Unicode Standard Annex #31, Unicode Identifier and Pattern Syntax. Also, the BIDI specification allows applications to tailor the implementation in ways that can mitigate misleading visual reordering in program text; see HL4 in Unicode Standard Annex #9, Unicode Bidirectional Algorithm. |
14 | CVE-2021-42386 | 416 | | DoS Exec Code | 2021-11-15 | 2023-04-25 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function |
15 | CVE-2021-42385 | 416 | | DoS Exec Code | 2021-11-15 | 2023-04-25 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function |
16 | CVE-2021-42384 | 416 | | DoS Exec Code | 2021-11-15 | 2023-04-25 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function |
17 | CVE-2021-42383 | 416 | | DoS Exec Code | 2021-11-15 | 2023-04-25 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function |
18 | CVE-2021-42382 | 416 | | DoS Exec Code | 2021-11-15 | 2023-04-25 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function |
19 | CVE-2021-42381 | 416 | | DoS Exec Code | 2021-11-15 | 2023-04-25 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function |
20 | CVE-2021-42380 | 416 | | DoS Exec Code | 2021-11-15 | 2023-04-25 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function |
21 | CVE-2021-42379 | 416 | | DoS Exec Code | 2021-11-15 | 2023-04-25 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function |
22 | CVE-2021-42378 | 416 | | DoS Exec Code | 2021-11-15 | 2023-04-25 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function |
23 | CVE-2021-42377 | 763 | | DoS Exec Code | 2021-11-15 | 2023-04-25 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. |
24 | CVE-2021-42376 | 476 | | DoS | 2021-11-15 | 2023-04-25 | 1.9 | None | Local | Medium | Not required | None | None | Partial |
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. |
25 | CVE-2021-42375 | | | DoS | 2021-11-15 | 2023-04-25 | 1.9 | None | Local | Medium | Not required | None | None | Partial |
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input. |
26 | CVE-2021-42374 | 125 | | DoS +Info | 2021-11-15 | 2023-04-25 | 3.3 | None | Local | Medium | Not required | Partial | None | Partial |
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that |
27 | CVE-2021-42373 | 476 | | DoS | 2021-11-15 | 2023-04-25 | 2.1 | None | Local | Low | Not required | None | None | Partial |
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given |
28 | CVE-2021-41991 | 190 | | Exec Code Overflow | 2021-10-18 | 2022-04-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility. |
29 | CVE-2021-41990 | 190 | | Exec Code Overflow | 2021-10-18 | 2022-04-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur. |
30 | CVE-2021-41864 | 190 | | Overflow | 2021-10-02 | 2022-03-25 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. |
31 | CVE-2021-41800 | 770 | | DoS | 2021-10-11 | 2023-05-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled. |
32 | CVE-2021-41799 | 770 | | DoS | 2021-10-11 | 2023-05-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan. |
33 | CVE-2021-41798 | 79 | | XSS | 2021-10-11 | 2023-05-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page. |
34 | CVE-2021-41617 | | | | 2021-09-26 | 2023-02-14 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial |
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. |
35 | CVE-2021-41184 | 79 | | Exec Code XSS | 2021-10-26 | 2022-11-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources. |
36 | CVE-2021-41183 | 79 | | Exec Code XSS | 2021-10-26 | 2022-11-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources. |
37 | CVE-2021-41182 | 79 | | Exec Code XSS | 2021-10-26 | 2022-11-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources. |
38 | CVE-2021-41160 | 787 | | | 2021-10-21 | 2022-12-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or height the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1. |
39 | CVE-2021-41133 | 20 | | | 2021-10-08 | 2021-12-04 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process. They can do this by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak's denylist seccomp filter, in order to substitute a crafted `/.flatpak-info` or make that file disappear entirely. Flatpak apps that act as clients for AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can escalate the privileges that the corresponding services will believe the Flatpak app has. Note that protocols that operate entirely over the D-Bus session bus (user bus), system bus or accessibility bus are not affected by this. This is due to the use of a proxy process `xdg-dbus-proxy`, whose VFS cannot be manipulated by the Flatpak app, when interacting with these buses. Patches exist for versions 1.10.4 and 1.12.0, and as of time of publication, a patch for version 1.8.2 is being planned. There are no workarounds aside from upgrading to a patched version. |
40 | CVE-2021-41099 | 190 | | DoS Exec Code Overflow | 2021-10-04 | 2022-10-29 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial |
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result in denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. |
41 | CVE-2021-41073 | 269 | | +Priv | 2021-09-19 | 2023-01-11 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation. |
42 | CVE-2021-40530 | 327 | | | 2021-09-06 | 2021-10-18 | 2.6 | None | Remote | High | Not required | Partial | None | None |
The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. |
43 | CVE-2021-40490 | 362 | | | 2021-09-03 | 2022-04-05 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial |
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. |
44 | CVE-2021-40346 | 190 | | Overflow Bypass | 2021-09-08 | 2021-12-02 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. |
45 | CVE-2021-40153 | 22 | | Dir. Trav. | 2021-08-27 | 2023-05-30 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial |
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination. |
46 | CVE-2021-39360 | 295 | | | 2021-08-22 | 2021-11-28 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. |
47 | CVE-2021-39358 | 295 | | | 2021-08-22 | 2021-11-28 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. |
48 | CVE-2021-39272 | 319 | | | 2021-08-30 | 2022-10-28 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. |
49 | CVE-2021-39254 | 190 | | Overflow | 2021-09-07 | 2023-01-13 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22. |
50 | CVE-2021-39253 | 125 | | | 2021-09-07 | 2023-01-13 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22. |