Search Results (364230 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-38204 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 6.8 Medium
drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.
CVE-2021-38203 2 Linux, Netapp 7 Linux Kernel, Element Software, Hci Bootstrap Os and 4 more 2024-11-21 5.5 Medium
btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info.
CVE-2021-38201 3 Linux, Netapp, Redhat 8 Linux Kernel, Element Software, Hci Bootstrap Os and 5 more 2024-11-21 7.5 High
net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.
CVE-2021-38200 1 Linux 1 Linux Kernel 2024-11-21 5.5 Medium
arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13, on systems with perf_event_paranoid=-1 and no specific PMU driver support registered, allows local users to cause a denial of service (perf_instruction_pointer NULL pointer dereference and OOPS) via a "perf record" command.
CVE-2021-38199 3 Debian, Linux, Netapp 8 Debian Linux, Linux Kernel, Element Software and 5 more 2024-11-21 6.5 Medium
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.
CVE-2021-38198 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 5.5 Medium
arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault.
CVE-2021-38197 1 Go-unarr Project 1 Go-unarr 2024-11-21 9.8 Critical
unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive.
CVE-2021-38196 1 Better-macro Project 1 Better-macro 2024-11-21 9.8 Critical
An issue was discovered in the better-macro crate through 2021-07-22 for Rust. It intentionally demonstrates that remote attackers can execute arbitrary code via proc-macros, and otherwise has no legitimate purpose.
CVE-2021-38195 1 Parity 1 Libsecp256k1 2024-11-21 9.8 Critical
An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow.
CVE-2021-38194 1 Arcworks 1 Ark-r1cs-std 2024-11-21 9.8 Critical
An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mul_by_inverse method. Thus, a prover can produce a proof that is unsound but is nonetheless verified.
CVE-2021-38193 1 Ammonia Project 1 Ammonia 2024-11-21 6.1 Medium
An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870.
CVE-2021-38192 1 Prost Project 1 Prost 2024-11-21 7.5 High
An issue was discovered in the prost-types crate before 0.8.0 for Rust. An overflow can occur during conversion from Timestamp to SystemTime.
CVE-2021-38191 1 Tokio 1 Tokio 2024-11-21 5.9 Medium
An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread.
CVE-2021-38190 1 Dimforge 1 Nalgebra 2024-11-21 9.8 Critical
An issue was discovered in the nalgebra crate before 0.27.1 for Rust. It allows out-of-bounds memory access because it does not ensure that the number of elements is equal to the product of the row count and column count.
CVE-2021-38189 1 Lettre 1 Lettre 2024-11-21 9.8 Critical
An issue was discovered in the lettre crate before 0.9.6 for Rust. In an e-mail message body, an attacker can place a . character after two <CR><LF> sequences and then inject arbitrary SMTP commands.
CVE-2021-38188 1 Iced-x86 Project 1 Iced-x86 2024-11-21 9.8 Critical
An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new(), slice.get_unchecked(slice.length()) is used unsafely.
CVE-2021-38187 1 Anymap Project 1 Anymap 2024-11-21 9.8 Critical
An issue was discovered in the anymap crate through 0.12.1 for Rust. It violates soundness via conversion of a *u8 to a *u64.
CVE-2021-38186 1 Comrak Project 1 Comrak 2024-11-21 6.1 Medium
An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via &# HTML entities.
CVE-2021-38183 1 Sap 1 Netweaver 2024-11-21 6.1 Medium
SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently encode user-controlled inputs, allowing an attacker to cause a potential victim to supply a malicious content to a vulnerable web application, which is then reflected to the victim and executed by the web browser, resulting in Cross-Site Scripting vulnerability.
CVE-2021-38182 1 Kyma-project 1 Kyma 2024-11-21 8.8 High
Due to insufficient input validation of Kyma, authenticated users can pass a Header of their choice and escalate privileges which can completely compromise the cluster.