Total
171162 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3830 | 2021-09-26 | N/A | N/A | ||
| btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-20314 | 3 Fedoraproject, Libspf2, Redhat | 3 Fedora, Libspf2, Enterprise Linux | 2021-09-26 | 7.5 HIGH | 9.8 CRITICAL |
| Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages. | |||||
| CVE-2021-41073 | 2021-09-25 | N/A | N/A | ||
| loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation. | |||||
| CVE-2021-40490 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2021-09-25 | 4.4 MEDIUM | 7.0 HIGH |
| A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. | |||||
| CVE-2021-38199 | 1 Linux | 1 Linux Kernel | 2021-09-25 | 3.3 LOW | 6.5 MEDIUM |
| fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection. | |||||
| CVE-2021-38166 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2021-09-25 | 4.6 MEDIUM | 7.8 HIGH |
| In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability. | |||||
| CVE-2021-38160 | 1 Linux | 1 Linux Kernel | 2021-09-25 | 7.2 HIGH | 7.8 HIGH |
| ** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior. | |||||
| CVE-2021-3679 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2021-09-25 | 2.1 LOW | 5.5 MEDIUM |
| A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service. | |||||
| CVE-2021-37576 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2021-09-25 | 7.2 HIGH | 7.8 HIGH |
| arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. | |||||
| CVE-2020-16119 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2021-09-25 | 4.6 MEDIUM | 7.8 HIGH |
| Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196. | |||||
| CVE-2020-3702 | 1 Qualcomm | 22 Apq8053, Apq8053 Firmware, Ipq4019 and 19 more | 2021-09-25 | 5.0 MEDIUM | 7.5 HIGH |
| u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 | |||||
| CVE-2021-36969 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2021-09-25 | 2.1 LOW | 5.5 MEDIUM |
| Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-38635, CVE-2021-38636. | |||||
| CVE-2021-36972 | 1 Microsoft | 7 Windows 10, Windows 8.1, Windows Rt 8.1 and 4 more | 2021-09-25 | 2.1 LOW | 5.5 MEDIUM |
| Windows SMB Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-36960. | |||||
| CVE-2021-36965 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2021-09-25 | 7.5 HIGH | 9.8 CRITICAL |
| Windows WLAN AutoConfig Service Remote Code Execution Vulnerability | |||||
| CVE-2021-22149 | 1 Elastic | 1 Enterprise Search | 2021-09-25 | 6.5 MEDIUM | 8.8 HIGH |
| Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users. | |||||
| CVE-2021-22148 | 1 Elastic | 1 Enterprise Search | 2021-09-25 | 5.5 MEDIUM | 8.1 HIGH |
| Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unauthorized engines. | |||||
| CVE-2021-22147 | 1 Elastic | 1 Elasticsearch | 2021-09-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view. | |||||
| CVE-2021-2464 | 2021-09-25 | N/A | 7.8 HIGH | ||
| Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle Linux. Successful attacks of this vulnerability can result in takeover of Oracle Linux. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2021-40438 | 2021-09-25 | N/A | N/A | ||
| A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. | |||||
| CVE-2021-39275 | 2021-09-25 | N/A | N/A | ||
| ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. | |||||