Filtered by vendor Debian
Subscribe
Total
9005 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-37968 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
CVE-2021-40393 | 2 Debian, Gerbv Project | 2 Debian Linux, Gerbv | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2021-38004 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
CVE-2021-32272 | 2 Debian, Faad2 Project | 2 Debian Linux, Faad2 | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin located in mp4read.c. It allows an attacker to cause Code Execution. | |||||
CVE-2021-21899 | 3 Debian, Fedoraproject, Librecad | 3 Debian Linux, Fedora, Libdxfrw | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2021-37995 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2021-22930 | 4 Debian, Netapp, Nodejs and 1 more | 4 Debian Linux, Nextgen Api, Node.js and 1 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. | |||||
CVE-2021-32274 | 2 Debian, Faad2 Project | 2 Debian Linux, Faad2 | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_synthesis_64 located in sbr_qmf.c. It allows an attacker to cause code Execution. | |||||
CVE-2021-3903 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
vim is vulnerable to Heap-based Buffer Overflow | |||||
CVE-2021-32672 | 6 Debian, Fedoraproject, Netapp and 3 more | 8 Debian Linux, Fedora, Management Services For Element Software and 5 more | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. | |||||
CVE-2021-37974 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2021-25633 | 2 Debian, Libreoffice | 2 Debian Linux, Libreoffice | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to combine multiple certificate data, which when opened caused LibreOffice to display a validly signed indicator but whose content was unrelated to the signature shown. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2. | |||||
CVE-2021-32280 | 2 Debian, Xfig Project | 2 Debian Linux, Fig2dev | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8. | |||||
CVE-2021-30846 | 3 Apple, Debian, Fedoraproject | 8 Ipados, Iphone Os, Macos and 5 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
CVE-2021-45958 | 3 Debian, Fedoraproject, Ultrajson Project | 3 Debian Linux, Fedora, Ultrajson | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation. | |||||
CVE-2022-0235 | 3 Debian, Node-fetch Project, Siemens | 3 Debian Linux, Node-fetch, Sinec Ins | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | |||||
CVE-2021-37994 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
CVE-2021-39923 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file | |||||
CVE-2021-43797 | 5 Debian, Netapp, Netty and 2 more | 18 Debian Linux, Oncommand Workflow Automation, Snapcenter and 15 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final. | |||||
CVE-2022-23833 | 3 Debian, Djangoproject, Fedoraproject | 3 Debian Linux, Django, Fedora | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files. |