Total
8866 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0319 | 4 Apple, Canonical, Debian and 1 more | 4 Macos, Ubuntu Linux, Debian Linux and 1 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Out-of-bounds Read in vim/vim prior to 8.2. | |||||
CVE-2021-38506 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | |||||
CVE-2021-32278 | 2 Debian, Faad2 Project | 2 Debian Linux, Faad2 | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code Execution. | |||||
CVE-2021-3796 | 4 Debian, Fedoraproject, Netapp and 1 more | 4 Debian Linux, Fedora, Ontap Select Deploy Administration Utility and 1 more | 2024-02-28 | 6.8 MEDIUM | 7.3 HIGH |
vim is vulnerable to Use After Free | |||||
CVE-2022-22707 | 2 Debian, Lighttpd | 2 Debian Linux, Lighttpd | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system. | |||||
CVE-2021-39926 | 3 Debian, Fedoraproject, Wireshark | 3 Debian Linux, Fedora, Wireshark | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file | |||||
CVE-2022-0213 | 2 Debian, Vim | 2 Debian Linux, Vim | 2024-02-28 | 6.8 MEDIUM | 6.6 MEDIUM |
vim is vulnerable to Heap-based Buffer Overflow | |||||
CVE-2021-40985 | 2 Debian, Htmldoc Project | 2 Debian Linux, Htmldoc | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp. | |||||
CVE-2021-37992 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-23852 | 6 Debian, Libexpat Project, Netapp and 3 more | 7 Debian Linux, Libexpat, Clustered Data Ontap and 4 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. | |||||
CVE-2022-0413 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Use After Free in GitHub repository vim/vim prior to 8.2. | |||||
CVE-2021-28715 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-28 | 2.1 LOW | 6.5 MEDIUM |
Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) | |||||
CVE-2021-38020 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2021-44716 | 3 Debian, Golang, Netapp | 3 Debian Linux, Go, Cloud Insights Telegraf | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. | |||||
CVE-2021-45949 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp). | |||||
CVE-2021-45078 | 5 Debian, Fedoraproject, Gnu and 2 more | 5 Debian Linux, Fedora, Binutils and 2 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. | |||||
CVE-2019-8921 | 3 Bluez, Debian, Linux | 3 Bluez, Debian Linux, Linux Kernel | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same. | |||||
CVE-2021-37988 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2021-38503 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-02-28 | 7.5 HIGH | 10.0 CRITICAL |
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | |||||
CVE-2021-32276 | 2 Debian, Faad2 Project | 2 Debian Linux, Faad2 | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function get_sample() located in output.c. It allows an attacker to cause Denial of Service. |