Filtered by vendor Debian
Filtered by product Debian Linux
Total: 8866 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-0093 | 6 Canonical, Debian, Google and 3 more | 6 Ubuntu Linux, Debian Linux, Android and 3 more | 2024-08-04 | 5.0 Medium |
In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-148705132 | ||||
CVE-2021-46829 | 4 Debian, Fedoraproject, Gnome and 1 more | 4 Debian Linux, Fedora, Gdk-pixbuf and 1 more | 2024-08-04 | 7.8 High |
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems. | ||||
CVE-2021-46837 | 3 Asterisk, Debian, Digium | 3 Certified Asterisk, Debian Linux, Asterisk | 2024-08-04 | 6.5 Medium |
res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation. | ||||
CVE-2021-46828 | 3 Debian, Libtirpc Project, Redhat | 3 Debian Linux, Libtirpc, Enterprise Linux | 2024-08-04 | 7.5 High |
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections. | ||||
CVE-2021-46848 | 4 Debian, Fedoraproject, Gnu and 1 more | 5 Debian Linux, Fedora, Libtasn1 and 2 more | 2024-08-04 | 9.1 Critical |
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. | ||||
CVE-2021-46784 | 3 Debian, Redhat, Squid-cache | 5 Debian Linux, Enterprise Linux, Rhel E4s and 2 more | 2024-08-04 | 6.5 Medium |
In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses. | ||||
CVE-2021-46790 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-08-04 | 7.8 High |
ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions. | ||||
CVE-2021-46671 | 2 Atftp Project, Debian | 2 Atftp, Debian Linux | 2024-08-04 | 5.3 Medium |
options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client. | ||||
CVE-2021-46669 | 4 Debian, Fedoraproject, Mariadb and 1 more | 5 Debian Linux, Fedora, Mariadb and 2 more | 2024-08-04 | 7.5 High |
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. | ||||
CVE-2021-46144 | 2 Debian, Roundcube | 2 Debian Linux, Roundcube | 2024-08-04 | 6.1 Medium |
Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences. | ||||
CVE-2021-46142 | 4 Debian, Fedoraproject, Opensuse and 1 more | 7 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 4 more | 2024-08-04 | 5.5 Medium |
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax. | ||||
CVE-2021-46141 | 4 Debian, Fedoraproject, Opensuse and 1 more | 7 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 4 more | 2024-08-04 | 5.5 Medium |
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner. | ||||
CVE-2021-45972 | 2 Debian, Giftrans Project | 2 Debian Linux, Giftrans | 2024-08-04 | 7.1 High |
The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data. | ||||
CVE-2021-45845 | 2 Debian, Freecadweb | 2 Debian Linux, Freecad | 2024-08-04 | 7.8 High |
The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document. | ||||
CVE-2021-45960 | 6 Debian, Libexpat Project, Netapp and 3 more | 10 Debian Linux, Libexpat, Active Iq Unified Manager and 7 more | 2024-08-04 | 8.8 High |
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). | ||||
CVE-2021-45949 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2024-08-04 | 5.5 Medium |
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp). | ||||
CVE-2021-45942 | 3 Debian, Fedoraproject, Openexr | 3 Debian Linux, Fedora, Openexr | 2024-08-04 | 5.5 Medium |
OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable. | ||||
CVE-2021-45944 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2024-08-04 | 5.5 Medium |
Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp). | ||||
CVE-2021-45958 | 3 Debian, Fedoraproject, Ultrajson Project | 3 Debian Linux, Fedora, Ultrajson | 2024-08-04 | 5.5 Medium |
UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation. | ||||
CVE-2021-45911 | 2 Debian, Gif2apng Project | 2 Debian Linux, Gif2apng | 2024-08-04 | 7.8 High |
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer. |