Total
8866 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-15078 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. | |||||
CVE-2021-39257 | 2 Debian, Tuxera | 2 Debian Linux, Ntfs-3g | 2024-02-28 | 4.7 MEDIUM | 5.5 MEDIUM |
A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22. | |||||
CVE-2021-3713 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-28 | 4.6 MEDIUM | 7.4 HIGH |
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host. | |||||
CVE-2021-32920 | 3 Debian, Fedoraproject, Prosody | 3 Debian Linux, Fedora, Prosody | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests. | |||||
CVE-2021-32490 | 2 Debian, Djvulibre Project | 2 Debian Linux, Djvulibre | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences. | |||||
CVE-2021-20313 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality. | |||||
CVE-2020-21675 | 2 Debian, Fig2dev Project | 2 Debian Linux, Fig2dev | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format. | |||||
CVE-2020-18442 | 3 Debian, Fedoraproject, Zziplib Project | 3 Debian Linux, Fedora, Zziplib | 2024-02-28 | 2.1 LOW | 3.3 LOW |
Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file". | |||||
CVE-2021-3612 | 6 Debian, Fedoraproject, Linux and 3 more | 26 Debian Linux, Fedora, Linux Kernel and 23 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
CVE-2021-32610 | 3 Debian, Fedoraproject, Php | 3 Debian Linux, Fedora, Archive Tar | 2024-02-28 | 3.6 LOW | 7.1 HIGH |
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193. | |||||
CVE-2021-3580 | 4 Debian, Netapp, Nettle Project and 1 more | 4 Debian Linux, Ontap Select Deploy Administration Utility, Nettle and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service. | |||||
CVE-2021-21775 | 3 Debian, Fedoraproject, Webkitgtk | 3 Debian Linux, Fedora, Webkitgtk | 2024-02-28 | 6.0 MEDIUM | 8.0 HIGH |
A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. | |||||
CVE-2021-3477 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability. | |||||
CVE-2020-13950 | 4 Apache, Debian, Fedoraproject and 1 more | 6 Http Server, Debian Linux, Fedora and 3 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service | |||||
CVE-2021-31866 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController. | |||||
CVE-2021-39371 | 2 Debian, Osgeo | 3 Debian Linux, Owslib, Pywps | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected. | |||||
CVE-2021-31864 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler. | |||||
CVE-2020-24511 | 3 Debian, Intel, Netapp | 5 Debian Linux, Microcode, Fas\/aff Bios and 2 more | 2024-02-28 | 2.1 LOW | 6.5 MEDIUM |
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2021-39251 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22. | |||||
CVE-2021-21203 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |