Filtered by vendor Debian
Subscribe
Total
9012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3498 | 3 Debian, Gstreamer Project, Redhat | 3 Debian Linux, Gstreamer, Enterprise Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files. | |||||
| CVE-2021-3497 | 3 Debian, Gstreamer Project, Redhat | 3 Debian Linux, Gstreamer, Enterprise Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. | |||||
| CVE-2021-3483 | 3 Debian, Linux, Netapp | 19 Debian Linux, Linux Kernel, Cloud Backup and 16 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected | |||||
| CVE-2021-3482 | 4 Debian, Exiv2, Fedoraproject and 1 more | 4 Debian Linux, Exiv2, Fedora and 1 more | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data. | |||||
| CVE-2021-3479 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability. | |||||
| CVE-2021-3478 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability. | |||||
| CVE-2021-3477 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability. | |||||
| CVE-2021-3476 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability. | |||||
| CVE-2021-3475 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability. | |||||
| CVE-2021-3474 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability. | |||||
| CVE-2021-3472 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2021-3468 | 2 Avahi, Debian | 2 Avahi, Debian Linux | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered. | |||||
| CVE-2021-3449 | 12 Checkpoint, Debian, Fedoraproject and 9 more | 167 Multi-domain Management, Multi-domain Management Firmware, Quantum Security Gateway and 164 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). | |||||
| CVE-2021-3444 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101. | |||||
| CVE-2021-3426 | 6 Debian, Fedoraproject, Netapp and 3 more | 10 Debian Linux, Fedora, Cloud Backup and 7 more | 2024-11-21 | 2.7 LOW | 5.7 MEDIUM |
| There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. | |||||
| CVE-2021-3416 | 4 Debian, Fedoraproject, Qemu and 1 more | 4 Debian Linux, Fedora, Qemu and 1 more | 2024-11-21 | 2.1 LOW | 6.0 MEDIUM |
| A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario. | |||||
| CVE-2021-3410 | 3 Debian, Fedoraproject, Libcaca Project | 3 Debian Linux, Fedora, Libcaca | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context. | |||||
| CVE-2021-3409 | 4 Debian, Fedoraproject, Qemu and 1 more | 4 Debian Linux, Fedora, Qemu and 1 more | 2024-11-21 | 4.6 MEDIUM | 5.7 MEDIUM |
| The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this. | |||||
| CVE-2021-3407 | 3 Artifex, Debian, Fedoraproject | 3 Mupdf, Debian Linux, Fedora | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences. | |||||
| CVE-2021-3405 | 3 Debian, Fedoraproject, Matroska | 3 Debian Linux, Fedora, Libebml | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml. | |||||