Filtered by vendor Debian
Subscribe
Total
9005 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-43528 | 2 Debian, Mozilla | 2 Debian Linux, Thunderbird | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0. | |||||
CVE-2021-36411 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service. | |||||
CVE-2021-28709 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). In some cases the hypervisor carries out the requests by splitting them into smaller chunks. Error handling in certain PoD cases has been insufficient in that in particular partial success of some operations was not properly accounted for. There are two code paths affected - page removal (CVE-2021-28705) and insertion of new pages (CVE-2021-28709). (We provide one patch which combines the fix to both issues.) | |||||
CVE-2021-45944 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp). | |||||
CVE-2021-40391 | 3 Debian, Fedoraproject, Gerbv Project | 3 Debian Linux, Fedora, Gerbv | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2021-38018 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
CVE-2020-21913 | 2 Debian, Unicode | 2 Debian Linux, International Components For Unicode | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp. | |||||
CVE-2021-37959 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2021-38010 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | |||||
CVE-2022-23098 | 2 Debian, Intel | 2 Debian Linux, Connman | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received. | |||||
CVE-2021-36408 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265. | |||||
CVE-2021-4061 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-23219 | 3 Debian, Gnu, Oracle | 8 Debian Linux, Glibc, Communications Cloud Native Core Binding Support Function and 5 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | |||||
CVE-2021-45105 | 5 Apache, Debian, Netapp and 2 more | 121 Log4j, Debian Linux, Cloud Manager and 118 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. | |||||
CVE-2021-45844 | 2 Debian, Freecadweb | 2 Debian Linux, Freecad | 2024-02-28 | 7.6 HIGH | 7.8 HIGH |
Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename. | |||||
CVE-2021-37978 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-22844 | 3 Debian, Libtiff, Netapp | 3 Debian Linux, Libtiff, Ontap Select Deploy Administration Utility | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. | |||||
CVE-2022-23094 | 3 Debian, Fedoraproject, Libreswan | 3 Debian Linux, Fedora, Libreswan | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6. | |||||
CVE-2021-44717 | 3 Debian, Golang, Opengroup | 3 Debian Linux, Go, Unix | 2024-02-28 | 5.8 MEDIUM | 4.8 MEDIUM |
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. | |||||
CVE-2021-43542 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. |