Skip to main content
CVE-2021-38197 CRITICAL POC PATCH Act Now

unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Go Unarr
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-23419 CRITICAL POC PATCH Act Now

This affects the package open-graph before 0.2.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Open Graph
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-38196 CRITICAL POC Act Now

An issue was discovered in the better-macro crate through 2021-07-22 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Better Macro
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2021-38195 CRITICAL POC PATCH Act Now

An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Jwt Attack Libsecp256K1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-38194 CRITICAL POC PATCH Act Now

An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ark R1Cs Std
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-38190 CRITICAL POC PATCH Act Now

An issue was discovered in the nalgebra crate before 0.27.1 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nalgebra
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-38189 CRITICAL POC PATCH Act Now

An issue was discovered in the lettre crate before 0.9.6 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lettre
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-38188 CRITICAL POC PATCH Act Now

An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Iced X86
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-38187 CRITICAL POC Act Now

An issue was discovered in the anymap crate through 0.12.1 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Anymap
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-38185 HIGH POC PATCH This Week

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow RCE Cpio
NVD GitHub
CVSS 3.1
7.8
EPSS
4.2%
CVE-2021-38192 HIGH POC PATCH This Week

An issue was discovered in the prost-types crate before 0.8.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Prost
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-38193 MEDIUM POC PATCH This Month

An issue was discovered in the ammonia crate before 3.1.0 for Rust. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ammonia
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-38186 MEDIUM POC PATCH This Month

An issue was discovered in the comrak crate before 0.10.1 for Rust. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Comrak
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-38191 MEDIUM POC PATCH This Month

An issue was discovered in the tokio crate before 1.8.1 for Rust. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Race Condition Tokio
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2021-38208 MEDIUM POC PATCH This Month

net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Linux Denial Of Service Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-38203 MEDIUM POC PATCH This Month

btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Denial Of Service Linux Kernel Hci Bootstrap Os Hci Management Node +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-38198 MEDIUM POC PATCH This Month

arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-38202 HIGH PATCH This Week

fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Linux Denial Of Service Linux Kernel +5
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-38207 HIGH PATCH This Week

drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Denial Of Service Linux Kernel
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2021-38201 HIGH PATCH This Week

net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Linux Denial Of Service Linux Kernel Hci Bootstrap Os +3
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2021-38204 MEDIUM PATCH This Month

drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption Denial Of Service Linux Kernel +1
NVD GitHub
CVSS 3.1
6.8
EPSS
0.3%
CVE-2021-38199 MEDIUM PATCH This Month

fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Linux Denial Of Service Linux Kernel Hci Bootstrap Os Hci Management Node +3
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-36221 MEDIUM PATCH This Month

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Race Condition Go Fedora Debian Linux +2
NVD
CVSS 3.1
5.9
EPSS
3.1%
CVE-2021-38206 MEDIUM PATCH This Month

The mac80211 subsystem in the Linux kernel before 5.12.13, when a device supporting only 5 GHz is used, allows attackers to cause a denial of service (NULL pointer dereference in the radiotap parser). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Linux Denial Of Service Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-38200 MEDIUM PATCH This Month

arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13, on systems with perf_event_paranoid=-1 and no specific PMU driver support registered, allows local users to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-38209 LOW PATCH Monitor

net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.1
3.3
EPSS
0.3%
CVE-2021-38205 LOW PATCH Monitor

drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Linux Memory Corruption Information Disclosure Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
3.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy