CVE-2021-22884
Summary: Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When...
Release Notes
CVE-2021-30547
Summary: Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform...
CVE-2021-30553
Summary: Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit...
CVE-2021-26690
Summary: Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL...
CVE-2021-31618
Summary: Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured...
CVE-2021-30547
Summary: Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform...
CVE-2021-36367
Summary: PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response....
CVE-2020-24149
Summary: Server-side request forgery (SSRF) in the Podcast Importer SecondLine (podcast-importer-secondline) plugin 1.1.4 for WordPress via the podcast_feed parameter in...
CVE-2021-26690
Summary: Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL...
CVE-2021-31618
Summary: Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured...
CVE-2021-3613
Summary: OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file...
CVE-2019-12779
Summary: libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames...
CVE-2019-11074
Summary: A Write to Arbitrary Location in Disk vulnerability exists in PRTG Network Monitor 19.1.49 and below that allows attackers...
CVE-2021-29966
Summary: Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption...
CVE-2021-31542
Summary: In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal...
CVE-2021-33502
Summary: The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression...
CVE-2021-28676
Summary: An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block...
CVE-2021-33587
Summary: The css-what package before 5.0.1 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to...
CVE-2021-21230
Summary: Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption...
CVE-2021-1788
Summary: A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur...
CVE-2021-33502
Summary: The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression...
CVE-2020-28648
Summary: Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote...
CVE-2021-32918
Summary: An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via...
CVE-2021-32919
Summary: An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for...
