Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-3592 | 4 Debian, Fedoraproject, Libslirp Project and 1 more | 4 Debian Linux, Fedora, Libslirp and 1 more | 2024-02-04 | 2.1 LOW | 3.8 LOW |
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. | |||||
CVE-2021-3497 | 3 Debian, Gstreamer Project, Redhat | 3 Debian Linux, Gstreamer, Enterprise Linux | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. | |||||
CVE-2021-33286 | 2 Debian, Tuxera | 2 Debian Linux, Ntfs-3g | 2024-02-04 | 6.9 MEDIUM | 7.8 HIGH |
In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution. | |||||
CVE-2018-25010 | 5 Apple, Debian, Netapp and 2 more | 6 Ipad Os, Iphone Os, Debian Linux and 3 more | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter(). | |||||
CVE-2021-20309 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability. | |||||
CVE-2021-20196 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-04 | 2.1 LOW | 6.5 MEDIUM |
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | |||||
CVE-2018-10195 | 3 Debian, Lrzsz Project, Suse | 5 Debian Linux, Lrzsz, Linux Enterprise Debuginfo and 2 more | 2024-02-04 | 3.6 LOW | 7.1 HIGH |
lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around. | |||||
CVE-2021-1093 | 2 Debian, Nvidia | 2 Debian Linux, Gpu Display Driver | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of service or system crash. | |||||
CVE-2021-38198 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault. | |||||
CVE-2021-3580 | 4 Debian, Netapp, Nettle Project and 1 more | 4 Debian Linux, Ontap Select Deploy Administration Utility, Nettle and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service. | |||||
CVE-2020-36307 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links. | |||||
CVE-2021-23215 | 3 Debian, Fedoraproject, Openexr | 3 Debian Linux, Fedora, Openexr | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. | |||||
CVE-2021-32728 | 2 Debian, Nextcloud | 2 Debian Linux, Nextcloud | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a private key belongs to previously downloaded public certificate. If the Nextcloud instance serves a malicious public key, the data would be encrypted for this key and thus could be accessible to a malicious actor. This issue is fixed in Nextcloud Desktop Client version 3.3.0. There are no known workarounds aside from upgrading. | |||||
CVE-2021-30155 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page. | |||||
CVE-2021-31866 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController. | |||||
CVE-2021-35942 | 3 Debian, Gnu, Netapp | 7 Debian Linux, Glibc, Active Iq Unified Manager and 4 more | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. | |||||
CVE-2021-1076 | 2 Debian, Nvidia | 2 Debian Linux, Gpu Display Driver | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption. | |||||
CVE-2021-31215 | 3 Debian, Fedoraproject, Schedmd | 3 Debian Linux, Fedora, Slurm | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling. | |||||
CVE-2021-21215 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. | |||||
CVE-2021-33623 | 3 Debian, Netapp, Trim-newlines Project | 3 Debian Linux, E-series Performance Analyzer, Trim-newlines | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method. |