Filtered by vendor Debian
Subscribe
Total
9005 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-39924 | 3 Debian, Fedoraproject, Wireshark | 3 Debian Linux, Fedora, Wireshark | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file | |||||
CVE-2021-42097 | 2 Debian, Gnu | 2 Debian Linux, Mailman | 2024-02-28 | 8.5 HIGH | 8.0 HIGH |
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover). | |||||
CVE-2021-41125 | 2 Debian, Scrapy | 2 Debian Linux, Scrapy | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Scrapy is a high-level web crawling and scraping framework for Python. If you use `HttpAuthMiddleware` (i.e. the `http_user` and `http_pass` spider attributes) for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, such as `robots.txt` requests sent by Scrapy when the `ROBOTSTXT_OBEY` setting is set to `True`, or as requests reached through redirects. Upgrade to Scrapy 2.5.1 and use the new `http_auth_domain` spider attribute to control which domains are allowed to receive the configured HTTP authentication credentials. If you are using Scrapy 1.8 or a lower version, and upgrading to Scrapy 2.5.1 is not an option, you may upgrade to Scrapy 1.8.1 instead. If you cannot upgrade, set your HTTP authentication credentials on a per-request basis, using for example the `w3lib.http.basic_auth_header` function to convert your credentials into a value that you can assign to the `Authorization` header of your request, instead of defining your credentials globally using `HttpAuthMiddleware`. | |||||
CVE-2021-4181 | 4 Debian, Fedoraproject, Oracle and 1 more | 5 Debian Linux, Fedora, Http Server and 2 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file | |||||
CVE-2021-3984 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
vim is vulnerable to Heap-based Buffer Overflow | |||||
CVE-2021-44227 | 2 Debian, Gnu | 2 Debian Linux, Mailman | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes. | |||||
CVE-2021-37962 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2021-42260 | 2 Debian, Tinyxml Project | 2 Debian Linux, Tinyxml | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service. | |||||
CVE-2021-36410 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265. | |||||
CVE-2022-0319 | 4 Apple, Canonical, Debian and 1 more | 4 Macos, Ubuntu Linux, Debian Linux and 1 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Out-of-bounds Read in vim/vim prior to 8.2. | |||||
CVE-2021-38506 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | |||||
CVE-2021-32278 | 2 Debian, Faad2 Project | 2 Debian Linux, Faad2 | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code Execution. | |||||
CVE-2021-3796 | 4 Debian, Fedoraproject, Netapp and 1 more | 4 Debian Linux, Fedora, Ontap Select Deploy Administration Utility and 1 more | 2024-02-28 | 6.8 MEDIUM | 7.3 HIGH |
vim is vulnerable to Use After Free | |||||
CVE-2022-22707 | 2 Debian, Lighttpd | 2 Debian Linux, Lighttpd | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system. | |||||
CVE-2021-39926 | 3 Debian, Fedoraproject, Wireshark | 3 Debian Linux, Fedora, Wireshark | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file | |||||
CVE-2022-0213 | 2 Debian, Vim | 2 Debian Linux, Vim | 2024-02-28 | 6.8 MEDIUM | 6.6 MEDIUM |
vim is vulnerable to Heap-based Buffer Overflow | |||||
CVE-2021-40985 | 2 Debian, Htmldoc Project | 2 Debian Linux, Htmldoc | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp. | |||||
CVE-2021-37992 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-23852 | 6 Debian, Libexpat Project, Netapp and 3 more | 7 Debian Linux, Libexpat, Clustered Data Ontap and 4 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. | |||||
CVE-2022-0413 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Use After Free in GitHub repository vim/vim prior to 8.2. |