Search Results (365158 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-38258 1 Nxp 1 Mcuxpresso Software Development Kit 2024-11-21 7.8 High
NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback().
CVE-2021-38244 1 Cbioportal Project 1 Cbioportal 2024-11-21 7.5 High
A regular expression denial of service (ReDoS) vulnerability exits in cbioportal 3.6.21 and older via a POST request to /ProteinArraySignificanceTest.json.
CVE-2021-38221 1 Bbs-go Project 1 Bbs-go 2024-11-21 5.4 Medium
bbs-go <= 3.3.0 including Custom Edition is vulnerable to stored XSS.
CVE-2021-38209 1 Linux 1 Linux Kernel 2024-11-21 3.3 Low
net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS sysctls.
CVE-2021-38208 1 Linux 1 Linux Kernel 2024-11-21 5.5 Medium
net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call.
CVE-2021-38207 1 Linux 1 Linux Kernel 2024-11-21 7.5 High
drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes.
CVE-2021-38206 1 Linux 1 Linux Kernel 2024-11-21 5.5 Medium
The mac80211 subsystem in the Linux kernel before 5.12.13, when a device supporting only 5 GHz is used, allows attackers to cause a denial of service (NULL pointer dereference in the radiotap parser) by injecting a frame with 802.11a rates.
CVE-2021-38205 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 3.3 Low
drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer).
CVE-2021-38204 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 6.8 Medium
drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.
CVE-2021-38203 2 Linux, Netapp 7 Linux Kernel, Element Software, Hci Bootstrap Os and 4 more 2024-11-21 5.5 Medium
btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info.
CVE-2021-38201 3 Linux, Netapp, Redhat 8 Linux Kernel, Element Software, Hci Bootstrap Os and 5 more 2024-11-21 7.5 High
net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.
CVE-2021-38200 1 Linux 1 Linux Kernel 2024-11-21 5.5 Medium
arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13, on systems with perf_event_paranoid=-1 and no specific PMU driver support registered, allows local users to cause a denial of service (perf_instruction_pointer NULL pointer dereference and OOPS) via a "perf record" command.
CVE-2021-38199 3 Debian, Linux, Netapp 8 Debian Linux, Linux Kernel, Element Software and 5 more 2024-11-21 6.5 Medium
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.
CVE-2021-38198 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 5.5 Medium
arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault.
CVE-2021-38197 1 Go-unarr Project 1 Go-unarr 2024-11-21 9.8 Critical
unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive.
CVE-2021-38196 1 Better-macro Project 1 Better-macro 2024-11-21 9.8 Critical
An issue was discovered in the better-macro crate through 2021-07-22 for Rust. It intentionally demonstrates that remote attackers can execute arbitrary code via proc-macros, and otherwise has no legitimate purpose.
CVE-2021-38195 1 Parity 1 Libsecp256k1 2024-11-21 9.8 Critical
An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow.
CVE-2021-38194 1 Arcworks 1 Ark-r1cs-std 2024-11-21 9.8 Critical
An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mul_by_inverse method. Thus, a prover can produce a proof that is unsound but is nonetheless verified.
CVE-2021-38193 1 Ammonia Project 1 Ammonia 2024-11-21 6.1 Medium
An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870.
CVE-2021-38192 1 Prost Project 1 Prost 2024-11-21 7.5 High
An issue was discovered in the prost-types crate before 0.8.0 for Rust. An overflow can occur during conversion from Timestamp to SystemTime.