Total
8120 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3426 | 6 Debian, Fedoraproject, Netapp and 3 more | 10 Debian Linux, Fedora, Cloud Backup and 7 more | 2024-02-04 | 2.7 LOW | 5.7 MEDIUM |
| There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. | |||||
| CVE-2021-36222 | 4 Debian, Mit, Netapp and 1 more | 7 Debian Linux, Kerberos 5, Active Iq Unified Manager and 4 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. | |||||
| CVE-2020-27830 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability was found in Linux Kernel where in the spk_ttyio_receive_buf2() function, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a NULL-ptr deref crash. | |||||
| CVE-2020-22044 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c. | |||||
| CVE-2021-28697 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them to become mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes. | |||||
| CVE-2021-29338 | 3 Debian, Fedoraproject, Uclouvain | 3 Debian Linux, Fedora, Openjpeg | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files. | |||||
| CVE-2021-25214 | 5 Debian, Fedoraproject, Isc and 2 more | 24 Debian Linux, Fedora, Bind and 21 more | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed. | |||||
| CVE-2021-0561 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Android | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174302683 | |||||
| CVE-2021-3655 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-02-04 | 2.1 LOW | 3.3 LOW |
| A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. | |||||
| CVE-2021-23133 | 5 Broadcom, Debian, Fedoraproject and 2 more | 24 Brocade Fabric Operating System, Debian Linux, Fedora and 21 more | 2024-02-04 | 6.9 MEDIUM | 7.0 HIGH |
| A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. | |||||
| CVE-2021-22207 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Zfs Storage Appliance Kit and 1 more | 2024-02-04 | 5.0 MEDIUM | 6.5 MEDIUM |
| Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file | |||||
| CVE-2021-34556 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. | |||||
| CVE-2021-32785 | 4 Apache, Debian, Netapp and 1 more | 4 Http Server, Debian Linux, Cloud Backup and 1 more | 2024-02-04 | 4.3 MEDIUM | 7.5 HIGH |
| mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (`OIDCCacheEncrypt off`, `OIDCSessionType server-cache`, `OIDCCacheType redis`), `mod_auth_openidc` wrongly performed argument interpolation before passing Redis requests to `hiredis`, which would perform it again and lead to an uncontrolled format string bug. Initial assessment shows that this bug does not appear to allow gaining arbitrary code execution, but can reliably provoke a denial of service by repeatedly crashing the Apache workers. This bug has been corrected in version 2.4.9 by performing argument interpolation only once, using the `hiredis` API. As a workaround, this vulnerability can be mitigated by setting `OIDCCacheEncrypt` to `on`, as cache keys are cryptographically hashed before use when this option is enabled. | |||||
| CVE-2021-3479 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability. | |||||
| CVE-2021-27577 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | |||||
| CVE-2021-21216 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. | |||||
| CVE-2020-27823 | 3 Debian, Fedoraproject, Uclouvain | 3 Debian Linux, Fedora, Openjpeg | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2021-20313 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2020-24489 | 2 Debian, Intel | 214 Debian Linux, Atom X5-e3930, Atom X5-e3940 and 211 more | 2024-02-04 | 4.6 MEDIUM | 8.8 HIGH |
| Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-26690 | 4 Apache, Debian, Fedoraproject and 1 more | 6 Http Server, Debian Linux, Fedora and 3 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service | |||||