Total
8866 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-21223 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-28 | 6.8 MEDIUM | 9.6 CRITICAL |
Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
CVE-2021-21840 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input used to process an atom using the “saio” FOURCC code cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
CVE-2021-21217 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |||||
CVE-2021-30158 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party. | |||||
CVE-2020-22037 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c. | |||||
CVE-2020-22029 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which crossfade_samples_fltp, which might lead to memory corruption and other potential consequences. | |||||
CVE-2020-22015 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code. | |||||
CVE-2021-3518 | 6 Debian, Fedoraproject, Netapp and 3 more | 19 Debian Linux, Fedora, Active Iq Unified Manager and 16 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. | |||||
CVE-2021-36054 | 2 Adobe, Debian | 2 Xmp Toolkit Software Development Kit, Debian Linux | 2024-02-28 | 4.3 MEDIUM | 3.3 LOW |
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in local application denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | |||||
CVE-2020-22034 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other potential consequences. | |||||
CVE-2021-3475 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability. | |||||
CVE-2021-38199 | 3 Debian, Linux, Netapp | 8 Debian Linux, Linux Kernel, Element Software and 5 more | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection. | |||||
CVE-2021-31806 | 4 Debian, Fedoraproject, Netapp and 1 more | 4 Debian Linux, Fedora, Cloud Manager and 1 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing. | |||||
CVE-2021-35269 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges. | |||||
CVE-2021-34552 | 3 Debian, Fedoraproject, Python | 3 Debian Linux, Fedora, Pillow | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. | |||||
CVE-2021-20307 | 3 Debian, Fedoraproject, Libpano13 Project | 3 Debian Linux, Fedora, Libpano13 | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values. | |||||
CVE-2021-38173 | 3 Debian, Digint, Fedoraproject | 3 Debian Linux, Btrbk, Fedora | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys. | |||||
CVE-2021-21202 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-28 | 6.8 MEDIUM | 8.6 HIGH |
Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | |||||
CVE-2021-35472 | 2 Debian, Lemonldap-ng | 2 Debian Linux, Lemonldap\ | 2024-02-28 | 6.0 MEDIUM | 8.8 HIGH |
An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users. | |||||
CVE-2020-36322 | 3 Debian, Linux, Starwindsoftware | 3 Debian Linux, Linux Kernel, Starwind Virtual San | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. |