Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-34798 | 8 Apache, Broadcom, Debian and 5 more | 18 Http Server, Brocade Fabric Operating System Firmware, Debian Linux and 15 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. | |||||
CVE-2021-43528 | 2 Debian, Mozilla | 2 Debian Linux, Thunderbird | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0. | |||||
CVE-2020-21531 | 2 Debian, Xfig Project | 2 Debian Linux, Fig2dev | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c. | |||||
CVE-2021-4079 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets. | |||||
CVE-2021-38011 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2020-21532 | 2 Debian, Xfig Project | 2 Debian Linux, Fig2dev | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c. | |||||
CVE-2021-37991 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-04 | 5.1 MEDIUM | 7.5 HIGH |
Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2021-43579 | 2 Debian, Htmldoc Project | 2 Debian Linux, Htmldoc | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file. | |||||
CVE-2021-45086 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js. | |||||
CVE-2021-4064 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2021-43845 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if incoming RTCP XR message contain block, the data field is not checked against the received packet size, potentially resulting in an out-of-bound read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send a RTCP XR message with an invalid packet size. | |||||
CVE-2021-20317 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-04 | 4.9 MEDIUM | 4.4 MEDIUM |
A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP. | |||||
CVE-2021-45095 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak. | |||||
CVE-2021-37992 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-21305 | 3 Debian, Netapp, Oracle | 19 Debian Linux, 7-mode Transition Tool, Active Iq Unified Manager and 16 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). | |||||
CVE-2021-32278 | 2 Debian, Faad2 Project | 2 Debian Linux, Faad2 | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code Execution. | |||||
CVE-2022-23990 | 6 Debian, Fedoraproject, Libexpat Project and 3 more | 6 Debian Linux, Fedora, Libexpat and 3 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. | |||||
CVE-2021-43534 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | |||||
CVE-2021-45960 | 4 Debian, Libexpat Project, Netapp and 1 more | 7 Debian Linux, Libexpat, Active Iq Unified Manager and 4 more | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). | |||||
CVE-2021-41141 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when error/failure occurs, it is found that the function returns without releasing the currently held locks. This could result in a system deadlock, which cause a denial of service for the users. No release has yet been made which contains the linked fix commit. All versions up to an including 2.11.1 are affected. Users may need to manually apply the patch. |