Total
8866 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29473 | 3 Debian, Exiv2, Fedoraproject | 3 Debian Linux, Exiv2, Fedora | 2024-02-28 | 2.6 LOW | 2.5 LOW |
| Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4. Please see our security policy for information about Exiv2 security. | |||||
| CVE-2021-3527 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Enterprise Linux | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service. | |||||
| CVE-2020-25672 | 4 Debian, Fedoraproject, Linux and 1 more | 23 Debian Linux, Fedora, Linux Kernel and 20 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A memory leak vulnerability was found in Linux kernel in llcp_sock_connect | |||||
| CVE-2020-22046 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c. | |||||
| CVE-2021-3545 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-28 | 2.1 LOW | 6.5 MEDIUM |
| An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host. | |||||
| CVE-2021-3504 | 3 Debian, Fedoraproject, Redhat | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-02-28 | 5.8 MEDIUM | 5.4 MEDIUM |
| A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-28695 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-02-28 | 4.6 MEDIUM | 6.8 MEDIUM |
| IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696). | |||||
| CVE-2020-36310 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52. | |||||
| CVE-2021-2388 | 2 Debian, Oracle | 3 Debian Linux, Graalvm, Jdk | 2024-02-28 | 5.1 MEDIUM | 7.5 HIGH |
| Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). | |||||
| CVE-2021-21853 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
| CVE-2021-3479 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability. | |||||
| CVE-2021-3544 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-28 | 2.1 LOW | 6.5 MEDIUM |
| Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime. | |||||
| CVE-2020-36476 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory. | |||||
| CVE-2021-29457 | 3 Debian, Exiv2, Fedoraproject | 3 Debian Linux, Exiv2, Fedora | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4. | |||||
| CVE-2021-21834 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom for the “co64” FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
| CVE-2021-23434 | 2 Debian, Object-path Project | 2 Debian Linux, Object-path | 2024-02-28 | 7.5 HIGH | 8.6 HIGH |
| This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because the === operator returns always false when the type of the operands is different. | |||||
| CVE-2021-36046 | 2 Adobe, Debian | 2 Xmp Toolkit Software Development Kit, Debian Linux | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-25214 | 5 Debian, Fedoraproject, Isc and 2 more | 24 Debian Linux, Fedora, Bind and 21 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed. | |||||
| CVE-2020-35452 | 4 Apache, Debian, Fedoraproject and 1 more | 6 Http Server, Debian Linux, Fedora and 3 more | 2024-02-28 | 6.8 MEDIUM | 7.3 HIGH |
| Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow | |||||
| CVE-2021-36222 | 4 Debian, Mit, Netapp and 1 more | 7 Debian Linux, Kerberos 5, Active Iq Unified Manager and 4 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. | |||||