Search Results (365339 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-38263 1 Liferay 2 Digital Experience Platform, Liferay Portal 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in the Server module's script console in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 20 and 7.2 before fix pack 10 allows remote attackers to inject arbitrary web script or HTML via the output of a script.
CVE-2021-38260 1 Nxp 1 Mcuxpresso Software Development Kit 2024-11-21 7.8 High
NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseDeviceConfigurationDescriptor().
CVE-2021-38258 1 Nxp 1 Mcuxpresso Software Development Kit 2024-11-21 7.8 High
NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback().
CVE-2021-38244 1 Cbioportal Project 1 Cbioportal 2024-11-21 7.5 High
A regular expression denial of service (ReDoS) vulnerability exits in cbioportal 3.6.21 and older via a POST request to /ProteinArraySignificanceTest.json.
CVE-2021-38221 1 Bbs-go Project 1 Bbs-go 2024-11-21 5.4 Medium
bbs-go <= 3.3.0 including Custom Edition is vulnerable to stored XSS.
CVE-2021-38209 1 Linux 1 Linux Kernel 2024-11-21 3.3 Low
net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS sysctls.
CVE-2021-38208 1 Linux 1 Linux Kernel 2024-11-21 5.5 Medium
net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call.
CVE-2021-38207 1 Linux 1 Linux Kernel 2024-11-21 7.5 High
drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes.
CVE-2021-38206 1 Linux 1 Linux Kernel 2024-11-21 5.5 Medium
The mac80211 subsystem in the Linux kernel before 5.12.13, when a device supporting only 5 GHz is used, allows attackers to cause a denial of service (NULL pointer dereference in the radiotap parser) by injecting a frame with 802.11a rates.
CVE-2021-38205 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 3.3 Low
drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer).
CVE-2021-38204 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 6.8 Medium
drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.
CVE-2021-38203 2 Linux, Netapp 7 Linux Kernel, Element Software, Hci Bootstrap Os and 4 more 2024-11-21 5.5 Medium
btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info.
CVE-2021-38201 3 Linux, Netapp, Redhat 8 Linux Kernel, Element Software, Hci Bootstrap Os and 5 more 2024-11-21 7.5 High
net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.
CVE-2021-38200 1 Linux 1 Linux Kernel 2024-11-21 5.5 Medium
arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13, on systems with perf_event_paranoid=-1 and no specific PMU driver support registered, allows local users to cause a denial of service (perf_instruction_pointer NULL pointer dereference and OOPS) via a "perf record" command.
CVE-2021-38199 3 Debian, Linux, Netapp 8 Debian Linux, Linux Kernel, Element Software and 5 more 2024-11-21 6.5 Medium
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.
CVE-2021-38198 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 5.5 Medium
arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault.
CVE-2021-38197 1 Go-unarr Project 1 Go-unarr 2024-11-21 9.8 Critical
unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive.
CVE-2021-38196 1 Better-macro Project 1 Better-macro 2024-11-21 9.8 Critical
An issue was discovered in the better-macro crate through 2021-07-22 for Rust. It intentionally demonstrates that remote attackers can execute arbitrary code via proc-macros, and otherwise has no legitimate purpose.
CVE-2021-38195 1 Parity 1 Libsecp256k1 2024-11-21 9.8 Critical
An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow.
CVE-2021-38194 1 Arcworks 1 Ark-r1cs-std 2024-11-21 9.8 Critical
An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mul_by_inverse method. Thus, a prover can produce a proof that is unsound but is nonetheless verified.