Security Vulnerabilities - CVEs Published In 2021
In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-12-25
In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-12-25
In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-12-25
In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnerability than CVE-2021-30889.
CVSS Score
6.5
EPSS Score
0.0
Published
2021-12-25
In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode::firstChild, a different vulnerability than CVE-2021-30889.
CVSS Score
6.5
EPSS Score
0.0
Published
2021-12-25
In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Frame::page, a different vulnerability than CVE-2021-30889.
CVSS Score
6.5
EPSS Score
0.0
Published
2021-12-25
An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-12-24
The package parse-link-header before 2.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the checkHeader function.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-12-24
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of [CVE-2020-28442](https://snyk.io/vuln/SNYK-JS-JSDATA-1023655).
CVSS Score
7.5
EPSS Score
0.013
Published
2021-12-24
invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score
6.5
EPSS Score
0.002
Published
2021-12-24