Filtered by vendor Debian
Subscribe
Total
9005 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-21201 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-28 | 6.8 MEDIUM | 9.6 CRITICAL |
Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
CVE-2021-38204 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-28 | 4.6 MEDIUM | 6.8 MEDIUM |
drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations. | |||||
CVE-2021-30485 | 2 Debian, Ezxml Project | 2 Debian Linux, Ezxml | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer. | |||||
CVE-2021-35063 | 3 Debian, Fedoraproject, Oisf | 3 Debian Linux, Fedora, Suricata | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion." | |||||
CVE-2021-21857 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
CVE-2020-22023 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences. | |||||
CVE-2021-20309 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability. | |||||
CVE-2020-22042 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfilter/graphparser.c. | |||||
CVE-2021-32492 | 2 Debian, Djvulibre Project | 2 Debian Linux, Djvulibre | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences. | |||||
CVE-2021-21223 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-28 | 6.8 MEDIUM | 9.6 CRITICAL |
Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
CVE-2021-21840 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input used to process an atom using the “saio” FOURCC code cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
CVE-2021-21217 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |||||
CVE-2021-30158 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party. | |||||
CVE-2020-22037 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c. | |||||
CVE-2020-22029 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which crossfade_samples_fltp, which might lead to memory corruption and other potential consequences. | |||||
CVE-2020-22015 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code. | |||||
CVE-2021-3518 | 6 Debian, Fedoraproject, Netapp and 3 more | 19 Debian Linux, Fedora, Active Iq Unified Manager and 16 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. | |||||
CVE-2021-36054 | 2 Adobe, Debian | 2 Xmp Toolkit Software Development Kit, Debian Linux | 2024-02-28 | 4.3 MEDIUM | 3.3 LOW |
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in local application denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | |||||
CVE-2020-22034 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other potential consequences. | |||||
CVE-2021-3475 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability. |