Total
8866 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21229 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2021-35268 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
| In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges. | |||||
| CVE-2021-31865 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments. | |||||
| CVE-2021-25215 | 6 Debian, Fedoraproject, Isc and 3 more | 25 Debian Linux, Fedora, Bind and 22 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9. | |||||
| CVE-2020-20445 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service. | |||||
| CVE-2021-33813 | 5 Apache, Debian, Fedoraproject and 2 more | 6 Solr, Tika, Debian Linux and 3 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. | |||||
| CVE-2021-26260 | 3 Debian, Fedoraproject, Openexr | 3 Debian Linux, Fedora, Openexr | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215. | |||||
| CVE-2020-22049 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c. | |||||
| CVE-2021-33909 | 6 Debian, Fedoraproject, Linux and 3 more | 8 Debian Linux, Fedora, Linux Kernel and 5 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. | |||||
| CVE-2021-1093 | 2 Debian, Nvidia | 2 Debian Linux, Gpu Display Driver | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of service or system crash. | |||||
| CVE-2020-15180 | 4 Debian, Galeracluster, Mariadb and 1 more | 4 Debian Linux, Galera Cluster For Mysql, Mariadb and 1 more | 2024-02-28 | 6.8 MEDIUM | 9.0 CRITICAL |
| A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6. | |||||
| CVE-2020-25669 | 3 Debian, Linux, Netapp | 21 Debian Linux, Linux Kernel, Cloud Backup and 18 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free. | |||||
| CVE-2021-20228 | 2 Debian, Redhat | 4 Debian Linux, Ansible Automation Platform, Ansible Engine and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2021-3517 | 6 Debian, Fedoraproject, Netapp and 3 more | 29 Debian Linux, Fedora, Active Iq Unified Manager and 26 more | 2024-02-28 | 7.5 HIGH | 8.6 HIGH |
| There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application. | |||||
| CVE-2020-27815 | 3 Debian, Linux, Netapp | 22 Debian Linux, Linux Kernel, Aff A250 and 19 more | 2024-02-28 | 6.1 MEDIUM | 7.8 HIGH |
| A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2020-22041 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc. | |||||
| CVE-2020-25709 | 4 Apple, Debian, Openldap and 1 more | 5 Mac Os X, Macos, Debian Linux and 2 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-35942 | 3 Debian, Gnu, Netapp | 7 Debian Linux, Glibc, Active Iq Unified Manager and 4 more | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. | |||||
| CVE-2021-30851 | 3 Apple, Debian, Fedoraproject | 8 Ipados, Iphone Os, Macos and 5 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution. | |||||
| CVE-2021-29264 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-28 | 4.7 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6. | |||||