| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2021-44790 |
787 |
|
Overflow |
2021-12-20 |
2022-11-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. |
|
2 |
CVE-2021-43976 |
|
|
DoS |
2021-11-17 |
2023-02-24 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). |
|
3 |
CVE-2021-43975 |
787 |
|
|
2021-11-17 |
2022-04-06 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. |
|
4 |
CVE-2021-43527 |
787 |
|
Overflow |
2021-12-08 |
2023-02-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1. |
|
5 |
CVE-2021-42377 |
763 |
|
DoS Exec Code |
2021-11-15 |
2022-03-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. |
|
6 |
CVE-2021-42376 |
476 |
|
DoS |
2021-11-15 |
2022-03-31 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. |
|
7 |
CVE-2021-42375 |
|
|
DoS |
2021-11-15 |
2022-03-31 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input. |
|
8 |
CVE-2021-42374 |
125 |
|
DoS +Info |
2021-11-15 |
2022-03-31 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
None |
Partial |
|
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that |
|
9 |
CVE-2021-42373 |
476 |
|
DoS |
2021-11-15 |
2022-03-31 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given |
|
10 |
CVE-2021-42013 |
22 |
|
Exec Code Dir. Trav. |
2021-10-07 |
2022-10-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions. |
|
11 |
CVE-2021-41864 |
190 |
|
Overflow |
2021-10-02 |
2022-03-25 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. |
|
12 |
CVE-2021-41773 |
22 |
|
Exec Code Dir. Trav. |
2021-10-05 |
2022-10-28 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013. |
|
13 |
CVE-2021-41524 |
476 |
|
|
2021-10-05 |
2022-10-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project. |
|
14 |
CVE-2021-41073 |
269 |
|
+Priv |
2021-09-19 |
2023-01-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation. |
|
15 |
CVE-2021-40438 |
918 |
|
|
2021-09-16 |
2022-10-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. |
|
16 |
CVE-2021-39275 |
787 |
|
|
2021-09-16 |
2022-10-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. |
|
17 |
CVE-2021-38300 |
|
|
Exec Code |
2021-09-20 |
2023-03-01 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture. |
|
18 |
CVE-2021-36160 |
125 |
|
|
2021-09-16 |
2022-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). |
|
19 |
CVE-2021-34798 |
476 |
|
|
2021-09-16 |
2022-10-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. |
|
20 |
CVE-2021-33574 |
416 |
|
DoS |
2021-05-25 |
2022-11-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. |
|
21 |
CVE-2021-33200 |
787 |
|
|
2021-05-27 |
2023-02-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit. |
|
22 |
CVE-2021-33068 |
476 |
|
DoS |
2022-02-09 |
2022-02-15 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Null pointer dereference in subsystem for Intel(R) AMT before versions 15.0.35 may allow an authenticated user to potentially enable denial of service via network access. |
|
23 |
CVE-2021-32399 |
362 |
|
|
2021-05-10 |
2022-05-13 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. |
|
24 |
CVE-2021-31879 |
601 |
|
|
2021-04-29 |
2022-05-13 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. |
|
25 |
CVE-2021-31440 |
682 |
|
Exec Code |
2021-05-21 |
2022-05-13 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-13661. |
|
26 |
CVE-2021-29489 |
79 |
|
Exec Code XSS |
2021-05-05 |
2022-06-04 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. The vulnerability is patched in version 9. As a workaround, implementers who are not able to upgrade may apply DOMPurify recursively to the options structure to filter out malicious markup. |
|
27 |
CVE-2021-29154 |
77 |
|
Exec Code |
2021-04-08 |
2023-02-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. |
|
28 |
CVE-2021-28972 |
120 |
|
Overflow |
2021-03-22 |
2022-06-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8. |
|
29 |
CVE-2021-28971 |
755 |
|
|
2021-03-22 |
2022-07-12 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. |
|
30 |
CVE-2021-28964 |
362 |
|
DoS |
2021-03-22 |
2022-06-30 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. |
|
31 |
CVE-2021-28952 |
120 |
|
Overflow |
2021-03-20 |
2022-05-12 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.) |
|
32 |
CVE-2021-28951 |
667 |
|
DoS |
2021-03-20 |
2022-05-12 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. |
|
33 |
CVE-2021-28691 |
416 |
|
|
2021-06-29 |
2022-04-06 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer. |
|
34 |
CVE-2021-28660 |
787 |
|
|
2021-03-17 |
2023-01-19 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base. |
|
35 |
CVE-2021-28375 |
862 |
|
|
2021-03-15 |
2023-02-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308. |
|
36 |
CVE-2021-28041 |
415 |
|
|
2021-03-05 |
2022-05-20 |
4.6 |
None |
Remote |
High |
??? |
Partial |
Partial |
Partial |
|
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. |
|
37 |
CVE-2021-28039 |
131 |
|
|
2021-03-05 |
2022-07-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG. |
|
38 |
CVE-2021-28038 |
770 |
|
DoS |
2021-03-05 |
2022-05-16 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931. |
|
39 |
CVE-2021-27363 |
|
|
|
2021-03-07 |
2022-05-23 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. |
|
40 |
CVE-2021-27219 |
681 |
|
Overflow Mem. Corr. |
2021-02-15 |
2022-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. |
|
41 |
CVE-2021-27218 |
681 |
|
|
2021-02-15 |
2022-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. |
|
42 |
CVE-2021-26932 |
|
|
|
2021-02-17 |
2022-07-28 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. |
|
43 |
CVE-2021-26708 |
269 |
|
|
2021-02-05 |
2022-02-25 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support. |
|
44 |
CVE-2021-26691 |
787 |
|
Overflow |
2021-06-10 |
2022-03-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow |
|
45 |
CVE-2021-25219 |
|
|
|
2021-10-27 |
2022-12-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing. |
|
46 |
CVE-2021-25216 |
125 |
|
Exec Code Overflow |
2021-04-29 |
2022-05-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. For servers that meet these conditions, the ISC SPNEGO implementation is vulnerable to various attacks, depending on the CPU architecture for which BIND was built: For named binaries compiled for 64-bit platforms, this flaw can be used to trigger a buffer over-read, leading to a server crash. For named binaries compiled for 32-bit platforms, this flaw can be used to trigger a server crash due to a buffer overflow and possibly also to achieve remote code execution. We have determined that standard SPNEGO implementations are available in the MIT and Heimdal Kerberos libraries, which support a broad range of operating systems, rendering the ISC implementation unnecessary and obsolete. Therefore, to reduce the attack surface for BIND users, we will be removing the ISC SPNEGO implementation in the April releases of BIND 9.11 and 9.16 (it had already been dropped from BIND 9.17). We would not normally remove something from a stable ESV (Extended Support Version) of BIND, but since system libraries can replace the ISC SPNEGO implementation, we have made an exception in this case for reasons of stability and security. |
|
47 |
CVE-2021-25215 |
617 |
|
|
2021-04-29 |
2022-04-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9. |
|
48 |
CVE-2021-25214 |
617 |
|
|
2021-04-29 |
2022-04-25 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed. |
|
49 |
CVE-2021-23336 |
444 |
|
|
2021-02-15 |
2022-03-04 |
4.0 |
None |
Remote |
High |
Not required |
None |
Partial |
Partial |
|
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. |
|
50 |
CVE-2021-23239 |
59 |
|
|
2021-01-12 |
2022-11-09 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. |
