Filtered by vendor Debian
Subscriptions
Total
9856 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-34556 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-11-21 | 5.5 Medium |
| In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. | ||||
| CVE-2021-34552 | 4 Debian, Fedoraproject, Python and 1 more | 5 Debian Linux, Fedora, Pillow and 2 more | 2024-11-21 | 9.8 Critical |
| Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. | ||||
| CVE-2021-34428 | 5 Debian, Eclipse, Netapp and 2 more | 21 Debian Linux, Jetty, Active Iq Unified Manager and 18 more | 2024-11-21 | 2.9 Low |
| For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. | ||||
| CVE-2021-34334 | 3 Debian, Exiv2, Fedoraproject | 3 Debian Linux, Exiv2, Fedora | 2024-11-21 | 5.5 Medium |
| Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5. | ||||
| CVE-2021-33912 | 2 Debian, Libspf2 Project | 2 Debian Linux, Libspf2 | 2024-11-21 | 9.8 Critical |
| libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand.c. The vulnerable code may be part of the supply chain of a site's e-mail infrastructure (e.g., with additional configuration, Exim can use libspf2; the Postfix web site links to unofficial patches for use of libspf2 with Postfix; older versions of spfquery relied on libspf2) but most often is not. | ||||
| CVE-2021-33909 | 7 Debian, Fedoraproject, Linux and 4 more | 16 Debian Linux, Fedora, Linux Kernel and 13 more | 2024-11-21 | 7.8 High |
| fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. | ||||
| CVE-2021-33833 | 2 Debian, Intel | 2 Debian Linux, Connection Manager | 2024-11-21 | 9.8 Critical |
| ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA). | ||||
| CVE-2021-33829 | 4 Ckeditor, Debian, Drupal and 1 more | 4 Ckeditor, Debian Linux, Drupal and 1 more | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled. | ||||
| CVE-2021-33813 | 6 Apache, Debian, Fedoraproject and 3 more | 10 Solr, Tika, Debian Linux and 7 more | 2024-11-21 | 7.5 High |
| An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. | ||||
| CVE-2021-33655 | 3 Debian, Linux, Redhat | 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more | 2024-11-21 | 6.7 Medium |
| When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. | ||||
| CVE-2021-33623 | 4 Debian, Netapp, Redhat and 1 more | 5 Debian Linux, E-series Performance Analyzer, Acm and 2 more | 2024-11-21 | 7.5 High |
| The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method. | ||||
| CVE-2021-33620 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 6.5 Medium |
| Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server. | ||||
| CVE-2021-33582 | 4 Cyrus, Debian, Fedoraproject and 1 more | 5 Imap, Debian Linux, Fedora and 2 more | 2024-11-21 | 7.5 High |
| Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16. | ||||
| CVE-2021-33574 | 5 Debian, Fedoraproject, Gnu and 2 more | 21 Debian Linux, Fedora, Glibc and 18 more | 2024-11-21 | 9.8 Critical |
| The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. | ||||
| CVE-2021-33515 | 4 Debian, Dovecot, Fedoraproject and 1 more | 4 Debian Linux, Dovecot, Fedora and 1 more | 2024-11-21 | 4.8 Medium |
| The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address. | ||||
| CVE-2021-33477 | 6 Debian, Eterm Project, Fedoraproject and 3 more | 6 Debian Linux, Eterm, Fedora and 3 more | 2024-11-21 | 8.8 High |
| rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline. | ||||
| CVE-2021-33293 | 2 Debian, Libpano13 Project | 2 Debian Linux, Libpano13 | 2024-11-21 | 9.1 Critical |
| Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-bounds read in the function panoParserFindOLine() in parser.c. | ||||
| CVE-2021-33289 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Advanced Virtualization and 2 more | 2024-11-21 | 7.8 High |
| In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution. | ||||
| CVE-2021-33286 | 3 Debian, Redhat, Tuxera | 4 Debian Linux, Advanced Virtualization, Enterprise Linux and 1 more | 2024-11-21 | 7.8 High |
| In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution. | ||||
| CVE-2021-33196 | 3 Debian, Golang, Redhat | 8 Debian Linux, Go, Devtools and 5 more | 2024-11-21 | 7.5 High |
| In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. | ||||