Total
8866 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-23098 | 2 Debian, Intel | 2 Debian Linux, Connman | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received. | |||||
CVE-2021-36408 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265. | |||||
CVE-2021-4061 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-23219 | 3 Debian, Gnu, Oracle | 8 Debian Linux, Glibc, Communications Cloud Native Core Binding Support Function and 5 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | |||||
CVE-2021-45105 | 5 Apache, Debian, Netapp and 2 more | 121 Log4j, Debian Linux, Cloud Manager and 118 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. | |||||
CVE-2021-45844 | 2 Debian, Freecadweb | 2 Debian Linux, Freecad | 2024-02-28 | 7.6 HIGH | 7.8 HIGH |
Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename. | |||||
CVE-2021-37978 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-22844 | 3 Debian, Libtiff, Netapp | 3 Debian Linux, Libtiff, Ontap Select Deploy Administration Utility | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. | |||||
CVE-2022-23094 | 3 Debian, Fedoraproject, Libreswan | 3 Debian Linux, Fedora, Libreswan | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6. | |||||
CVE-2021-44717 | 3 Debian, Golang, Opengroup | 3 Debian Linux, Go, Unix | 2024-02-28 | 5.8 MEDIUM | 4.8 MEDIUM |
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. | |||||
CVE-2021-43542 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | |||||
CVE-2021-41991 | 4 Debian, Fedoraproject, Siemens and 1 more | 46 Debian Linux, Fedora, Cp 1543-1 and 43 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility. | |||||
CVE-2021-44832 | 5 Apache, Cisco, Debian and 2 more | 22 Log4j, Cloudcenter, Debian Linux and 19 more | 2024-02-28 | 8.5 HIGH | 6.6 MEDIUM |
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. | |||||
CVE-2021-46671 | 2 Atftp Project, Debian | 2 Atftp, Debian Linux | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client. | |||||
CVE-2021-4083 | 4 Debian, Linux, Netapp and 1 more | 23 Debian Linux, Linux Kernel, H300e and 20 more | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4. | |||||
CVE-2021-4192 | 4 Apple, Debian, Fedoraproject and 1 more | 5 Mac Os X, Macos, Debian Linux and 2 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
vim is vulnerable to Use After Free | |||||
CVE-2022-21248 | 4 Debian, Fedoraproject, Netapp and 1 more | 20 Debian Linux, Fedora, 7-mode Transition Tool and 17 more | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | |||||
CVE-2021-23518 | 2 Cached-path-relative Project, Debian | 2 Cached-path-relative, Debian Linux | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path. When using the origin path as __proto__, the attribute of the object is accessed instead of a path. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573 | |||||
CVE-2021-32687 | 5 Debian, Fedoraproject, Netapp and 2 more | 6 Debian Linux, Fedora, Management Services For Element Software and 3 more | 2024-02-28 | 6.0 MEDIUM | 7.5 HIGH |
Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. | |||||
CVE-2022-21699 | 3 Debian, Fedoraproject, Ipython | 3 Debian Linux, Fedora, Ipython | 2024-02-28 | 4.6 MEDIUM | 8.8 HIGH |
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade. |