Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
9183 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3933 | 3 Debian, Fedoraproject, Openexr | 3 Debian Linux, Fedora, Openexr | 2024-11-21 | 5.5 Medium |
| An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths. | ||||
| CVE-2021-3930 | 3 Debian, Qemu, Redhat | 11 Debian Linux, Qemu, Advanced Virtualization and 8 more | 2024-11-21 | 6.5 Medium |
| An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition. | ||||
| CVE-2021-3928 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-11-21 | 7.8 High |
| vim is vulnerable to Use of Uninitialized Variable | ||||
| CVE-2021-3927 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-11-21 | 7.8 High |
| vim is vulnerable to Heap-based Buffer Overflow | ||||
| CVE-2021-3912 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2024-11-21 | 4.2 Medium |
| OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash). | ||||
| CVE-2021-3911 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2024-11-21 | 4.2 Medium |
| If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash. | ||||
| CVE-2021-3910 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2024-11-21 | 4.4 Medium |
| OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\0) character). | ||||
| CVE-2021-3909 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2024-11-21 | 4.4 Medium |
| OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but does keep drip feeding new bytes to keep the connection alive. | ||||
| CVE-2021-3908 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2024-11-21 | 5.9 Medium |
| OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end. | ||||
| CVE-2021-3907 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2024-11-21 | 7.4 High |
| OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on. | ||||
| CVE-2021-3903 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 7.8 High |
| vim is vulnerable to Heap-based Buffer Overflow | ||||
| CVE-2021-3872 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 7.8 High |
| vim is vulnerable to Heap-based Buffer Overflow | ||||
| CVE-2021-3864 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 7.0 High |
| A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges. | ||||
| CVE-2021-3850 | 2 Adodb Project, Debian | 2 Adodb, Debian Linux | 2024-11-21 | 9.1 Critical |
| Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21. | ||||
| CVE-2021-3842 | 3 Debian, Fedoraproject, Nltk | 3 Debian Linux, Fedora, Nltk | 2024-11-21 | 7.5 High |
| nltk is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3805 | 3 Debian, Object-path Project, Redhat | 3 Debian Linux, Object-path, Acm | 2024-11-21 | 7.5 High |
| object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | ||||
| CVE-2021-3803 | 2 Debian, Nth-check Project | 2 Debian Linux, Nth-check | 2024-11-21 | 7.5 High |
| nth-check is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3800 | 4 Debian, Gnome, Netapp and 1 more | 4 Debian Linux, Glib, Active Iq Unified Manager and 1 more | 2024-11-21 | 5.5 Medium |
| A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition. | ||||
| CVE-2021-3796 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Ontap Select Deploy Administration Utility and 2 more | 2024-11-21 | 7.3 High |
| vim is vulnerable to Use After Free | ||||
| CVE-2021-3778 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Ontap Select Deploy Administration Utility and 2 more | 2024-11-21 | 7.8 High |
| vim is vulnerable to Heap-based Buffer Overflow | ||||