6 matches found
CVE-2021-41819
CVE-2021-41819 affects Ruby and the CGI::Cookie.parse function; Ruby up to 2.6.8 (and CGI gem up to 0.3.0) mishandle security prefixes in cookie names, enabling cookie-prefix spoofing. Public advisories confirm this and list affected Ruby versions across multiple distributions (AL2, AL2 Ruby3.0 e...
CVE-2021-41817
CVE-2021-41817 is a Ruby-related ReDoS in Date parsing. The vulnerability affects Ruby’s date parsing pathways (notably date parsing methods) up to versions around 3.2.0, enabling denial-of-service via crafted date strings. The fixed releases cited in the sources are 3.2.1, 3.1.2, 3.0.2, and 2.0....
CVE-2021-4166
CVE-2021-4166 is a Vim vulnerability categorized as an out-of-bounds read affecting Vim buffers. Public references in the connected documents confirm the issue, with remediation guidance tied to Vim updates. The Cloud Foundry advisory (USN-6026-1) and related AWS/Linux bulletins indicate Vim fixe...
CVE-2021-45082
CVE-2021-45082 affects Cobbler prior to 3.3.1. The issue resides in templar.py, where the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring (only lines starting with #import are blocked). This could enable unintended module ...
CVE-2021-46141
CVE-2021-46141 affects uriparser prior to 0.9.6, with invalid free operations in uriFreeUriMembers and uriMakeOwner. Multiple advisories (Debian, Fedora, ALAS) indicate potential DoS or arbitrary code execution, mitigated by upgrading to 0.9.6 or later; some advisories specify version updates (e....
CVE-2021-46142
The CVE concerns uriparser before 0.9.6, which performs invalid free operations in uriNormalizeSyntax. Connected advisories confirm this affects uriparser across multiple distributions and versions, with fixes provided in version 0.9.6 and later. Impact noted in Debian advisories includes potenti...