cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

CVE-2021-44026

Known exploited
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
Source: MITRE
Max CVSS
9.8
EPSS Score
0.60%
Published
2021-11-19
Updated
2021-12-16
CISA KEV Added
2023-06-22
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.13%
Published
2021-11-19
Updated
2021-12-16
An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.05%
Published
2021-10-28
Updated
2021-11-28
Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.
Source: Red Hat, Inc.
Max CVSS
5.3
EPSS Score
0.21%
Published
2022-04-18
Updated
2023-06-21
Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.
Source: Red Hat, Inc.
Max CVSS
5.3
EPSS Score
0.21%
Published
2022-04-18
Updated
2023-06-21
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.
Source: Red Hat, Inc.
Max CVSS
5.3
EPSS Score
0.13%
Published
2022-04-18
Updated
2023-06-21
A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.
Source: Red Hat, Inc.
Max CVSS
5.3
EPSS Score
0.13%
Published
2022-04-18
Updated
2023-06-21
A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.
Source: Red Hat, Inc.
Max CVSS
5.3
EPSS Score
0.10%
Published
2022-04-18
Updated
2022-09-29
BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133.
Source: MITRE
Max CVSS
5.3
EPSS Score
0.05%
Published
2021-10-20
Updated
2021-11-26
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
Source: MITRE
Max CVSS
6.7
EPSS Score
0.04%
Published
2021-10-20
Updated
2024-03-24
An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location.
Source: MITRE
Max CVSS
7.1
EPSS Score
0.18%
Published
2021-10-21
Updated
2022-05-13
An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.12%
Published
2021-10-21
Updated
2023-02-22
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard and the Unicode Bidirectional Algorithm (all versions). Due to text display behavior when text includes left-to-right and right-to-left characters, the visual order of tokens may be different from their logical order. Additionally, control characters needed to fully support the requirements of bidirectional text can further obfuscate the logical order of tokens. Unless mitigated, an adversary could craft source code such that the ordering of tokens perceived by human reviewers does not match what will be processed by a compiler/interpreter/etc. The Unicode Consortium has documented this class of vulnerability in its document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms, and in Unicode Standard Annex #31, Unicode Identifier and Pattern Syntax. Also, the BIDI specification allows applications to tailor the implementation in ways that can mitigate misleading visual reordering in program text; see HL4 in Unicode Standard Annex #9, Unicode Bidirectional Algorithm.
Source: MITRE
Max CVSS
8.3
EPSS Score
0.24%
Published
2021-11-01
Updated
2024-05-17
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function
Source: JFrog
Max CVSS
7.2
EPSS Score
0.24%
Published
2021-11-15
Updated
2023-04-25
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function
Source: JFrog
Max CVSS
7.2
EPSS Score
0.24%
Published
2021-11-15
Updated
2023-04-25
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function
Source: JFrog
Max CVSS
7.2
EPSS Score
0.24%
Published
2021-11-15
Updated
2023-04-25
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function
Source: JFrog
Max CVSS
7.2
EPSS Score
0.24%
Published
2021-11-15
Updated
2023-04-25
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function
Source: JFrog
Max CVSS
7.2
EPSS Score
0.24%
Published
2021-11-15
Updated
2023-04-25
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function
Source: JFrog
Max CVSS
7.2
EPSS Score
0.24%
Published
2021-11-15
Updated
2023-04-25
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function
Source: JFrog
Max CVSS
7.2
EPSS Score
0.24%
Published
2021-11-15
Updated
2023-04-25
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function
Source: JFrog
Max CVSS
7.2
EPSS Score
0.24%
Published
2021-11-15
Updated
2023-04-25
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function
Source: JFrog
Max CVSS
7.2
EPSS Score
0.24%
Published
2021-11-15
Updated
2023-04-25
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.
Source: JFrog
Max CVSS
9.8
EPSS Score
1.56%
Published
2021-11-15
Updated
2023-04-25
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.
Source: JFrog
Max CVSS
5.5
EPSS Score
0.05%
Published
2021-11-15
Updated
2023-04-25
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.
Source: JFrog
Max CVSS
5.5
EPSS Score
0.05%
Published
2021-11-15
Updated
2023-04-25
1208 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!