Filtered by vendor Debian
Subscribe
Total
9005 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38199 | 3 Debian, Linux, Netapp | 8 Debian Linux, Linux Kernel, Element Software and 5 more | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
| fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection. | |||||
| CVE-2021-31806 | 4 Debian, Fedoraproject, Netapp and 1 more | 4 Debian Linux, Fedora, Cloud Manager and 1 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing. | |||||
| CVE-2021-35269 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
| NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges. | |||||
| CVE-2021-34552 | 3 Debian, Fedoraproject, Python | 3 Debian Linux, Fedora, Pillow | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. | |||||
| CVE-2021-20307 | 3 Debian, Fedoraproject, Libpano13 Project | 3 Debian Linux, Fedora, Libpano13 | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values. | |||||
| CVE-2021-38173 | 3 Debian, Digint, Fedoraproject | 3 Debian Linux, Btrbk, Fedora | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys. | |||||
| CVE-2021-21202 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-28 | 6.8 MEDIUM | 8.6 HIGH |
| Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | |||||
| CVE-2021-35472 | 2 Debian, Lemonldap-ng | 2 Debian Linux, Lemonldap\ | 2024-02-28 | 6.0 MEDIUM | 8.8 HIGH |
| An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users. | |||||
| CVE-2020-36322 | 3 Debian, Linux, Starwindsoftware | 3 Debian Linux, Linux Kernel, Starwind Virtual San | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. | |||||
| CVE-2021-21229 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2021-35268 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
| In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges. | |||||
| CVE-2021-31865 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments. | |||||
| CVE-2021-25215 | 6 Debian, Fedoraproject, Isc and 3 more | 25 Debian Linux, Fedora, Bind and 22 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9. | |||||
| CVE-2020-20445 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service. | |||||
| CVE-2021-33813 | 5 Apache, Debian, Fedoraproject and 2 more | 6 Solr, Tika, Debian Linux and 3 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. | |||||
| CVE-2021-26260 | 3 Debian, Fedoraproject, Openexr | 3 Debian Linux, Fedora, Openexr | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215. | |||||
| CVE-2020-22049 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c. | |||||
| CVE-2021-33909 | 6 Debian, Fedoraproject, Linux and 3 more | 8 Debian Linux, Fedora, Linux Kernel and 5 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. | |||||
| CVE-2021-1093 | 2 Debian, Nvidia | 2 Debian Linux, Gpu Display Driver | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of service or system crash. | |||||
| CVE-2020-15180 | 4 Debian, Galeracluster, Mariadb and 1 more | 4 Debian Linux, Galera Cluster For Mysql, Mariadb and 1 more | 2024-02-28 | 6.8 MEDIUM | 9.0 CRITICAL |
| A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6. | |||||