CVE Notify
19.1K subscribers
4 photos
184K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
⚠️ℹ️⚠️ Hi everybody! To continue providing posts and keeping this channel alive, we accept advertising on the channel.
For advertising plans contact @SirMalware ⚠️ℹ️⚠️
CVE Notify pinned «⚠️ℹ️⚠️ Hi everybody! To continue providing posts and keeping this channel alive, we accept advertising on the channel. For advertising plans contact @SirMalware ⚠️ℹ️⚠️»
🚨 CVE-2021-30890
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting.

🎖@cveNotify
🚨 CVE-2021-30887
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy.

🎖@cveNotify
⚠️ℹ️⚠️ Hi everybody! To continue providing posts and keeping this channel alive, we accept advertising on the channel.
For advertising plans contact @SirMalware ⚠️ℹ️⚠️
CVE Notify pinned «⚠️ℹ️⚠️ Hi everybody! To continue providing posts and keeping this channel alive, we accept advertising on the channel. For advertising plans contact @SirMalware ⚠️ℹ️⚠️»
🚨 CVE-2021-3027
app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided search filter because user input gets no sanitization.

🎖@cveNotify
🚨 CVE-2021-45480
An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.

🎖@cveNotify
🚨 CVE-2021-45481
In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnerability than CVE-2021-30889.

🎖@cveNotify
🚨 CVE-2021-45489
In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG.

🎖@cveNotify
🚨 CVE-2021-45488
In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm.

🎖@cveNotify
🚨 CVE-2021-45487
In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures.

🎖@cveNotify
🚨 CVE-2021-45486
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.

🎖@cveNotify
🚨 CVE-2021-45485
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.

🎖@cveNotify
🚨 CVE-2021-45484
In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG.

🎖@cveNotify