Apple Patches iOS Zero-Day
From DHS/US-CERT’s National Vulnerability Database CVE-2021-29249
PUBLISHED: 2021-03-26
BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability.
CVE-2021-29264
PUBLISHED: 2021-03-26
An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are us…
CVE-2021-29265
PUBLISHED: 2021-03-26
An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.
CVE-2021-29266
PUBLISHED: 2021-03-26
An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0.
CVE-2021-20206
PUBLISHED: 2021-03-26
An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the ‘type’ field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on th…
Read More HERE