Vulnerabilities (CVE)

Total 171162 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3830 2021-09-26 N/A N/A
btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-20314 3 Fedoraproject, Libspf2, Redhat 3 Fedora, Libspf2, Enterprise Linux 2021-09-26 7.5 HIGH 9.8 CRITICAL
Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.
CVE-2021-41073 2021-09-25 N/A N/A
loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.
CVE-2021-40490 2 Fedoraproject, Linux 2 Fedora, Linux Kernel 2021-09-25 4.4 MEDIUM 7.0 HIGH
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.
CVE-2021-38199 1 Linux 1 Linux Kernel 2021-09-25 3.3 LOW 6.5 MEDIUM
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.
CVE-2021-38166 2 Fedoraproject, Linux 2 Fedora, Linux Kernel 2021-09-25 4.6 MEDIUM 7.8 HIGH
In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.
CVE-2021-38160 1 Linux 1 Linux Kernel 2021-09-25 7.2 HIGH 7.8 HIGH
** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior.
CVE-2021-3679 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2021-09-25 2.1 LOW 5.5 MEDIUM
A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.
CVE-2021-37576 2 Fedoraproject, Linux 2 Fedora, Linux Kernel 2021-09-25 7.2 HIGH 7.8 HIGH
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.
CVE-2020-16119 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2021-09-25 4.6 MEDIUM 7.8 HIGH
Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.
CVE-2020-3702 1 Qualcomm 22 Apq8053, Apq8053 Firmware, Ipq4019 and 19 more 2021-09-25 5.0 MEDIUM 7.5 HIGH
u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150
CVE-2021-36969 1 Microsoft 9 Windows 10, Windows 7, Windows 8.1 and 6 more 2021-09-25 2.1 LOW 5.5 MEDIUM
Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-38635, CVE-2021-38636.
CVE-2021-36972 1 Microsoft 7 Windows 10, Windows 8.1, Windows Rt 8.1 and 4 more 2021-09-25 2.1 LOW 5.5 MEDIUM
Windows SMB Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-36960.
CVE-2021-36965 1 Microsoft 9 Windows 10, Windows 7, Windows 8.1 and 6 more 2021-09-25 7.5 HIGH 9.8 CRITICAL
Windows WLAN AutoConfig Service Remote Code Execution Vulnerability
CVE-2021-22149 1 Elastic 1 Enterprise Search 2021-09-25 6.5 MEDIUM 8.8 HIGH
Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users.
CVE-2021-22148 1 Elastic 1 Enterprise Search 2021-09-25 5.5 MEDIUM 8.1 HIGH
Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unauthorized engines.
CVE-2021-22147 1 Elastic 1 Elasticsearch 2021-09-25 4.0 MEDIUM 6.5 MEDIUM
Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.
CVE-2021-2464 2021-09-25 N/A 7.8 HIGH
Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle Linux. Successful attacks of this vulnerability can result in takeover of Oracle Linux. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
CVE-2021-40438 2021-09-25 N/A N/A
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-39275 2021-09-25 N/A N/A
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.