Skip to main content
CVE-2021-29923 HIGH POC PATCH This Week

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Go Timesten In Memory Database Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
3.8%
CVE-2021-38169 HIGH This Week

Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/api_funct.py. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Roxy Wi
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-38168 HIGH This Week

Roxy-WI through 5.2.2.0 allows authenticated SQL injection via select_servers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Roxy Wi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-38166 HIGH PATCH This Week

In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Integer Overflow Linux Kernel Fedora +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-38160 HIGH PATCH This Week

In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel Hci Bootstrap Os Hci Management Node +4
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy