Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
8866 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-45910 | 2 Debian, Gif2apng Project | 2 Debian Linux, Gif2apng | 2024-08-04 | 7.8 High |
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some extent) control over the amount of data that is written. | ||||
CVE-2021-45844 | 2 Debian, Freecadweb | 2 Debian Linux, Freecad | 2024-08-04 | 7.8 High |
Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename. | ||||
CVE-2021-45930 | 4 Debian, Fedoraproject, Qt and 1 more | 4 Debian Linux, Fedora, Qtsvg and 1 more | 2024-08-04 | 5.5 Medium |
Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect). | ||||
CVE-2021-45943 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Spatial And Graph and 1 more | 2024-08-04 | 5.5 Medium |
GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment). | ||||
CVE-2021-45909 | 2 Debian, Gif2apng Project | 2 Debian Linux, Gif2apng | 2024-08-04 | 7.8 High |
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow vulnerability in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer. | ||||
CVE-2021-45469 | 4 Debian, Fedoraproject, Linux and 1 more | 19 Debian Linux, Fedora, Linux Kernel and 16 more | 2024-08-04 | 7.8 High |
In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry. | ||||
CVE-2021-45480 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-08-04 | 5.5 Medium |
An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances. | ||||
CVE-2021-45444 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Mac Os X, Macos, Debian Linux and 3 more | 2024-08-04 | 7.8 High |
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion. | ||||
CVE-2021-45417 | 5 Advanced Intrusion Detection Environment Project, Canonical, Debian and 2 more | 11 Advanced Intrusion Detection Environment, Ubuntu Linux, Debian Linux and 8 more | 2024-08-04 | 7.8 High |
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. | ||||
CVE-2021-45343 | 3 Debian, Fedoraproject, Librecad | 3 Debian Linux, Fedora, Librecad | 2024-08-04 | 5.5 Medium |
In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document. | ||||
CVE-2021-45342 | 3 Debian, Fedoraproject, Librecad | 3 Debian Linux, Fedora, Librecad | 2024-08-04 | 7.8 High |
A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. | ||||
CVE-2021-45341 | 3 Debian, Fedoraproject, Librecad | 3 Debian Linux, Fedora, Librecad | 2024-08-04 | 8.8 High |
A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. | ||||
CVE-2021-45105 | 6 Apache, Debian, Netapp and 3 more | 131 Log4j, Debian Linux, Cloud Manager and 128 more | 2024-08-04 | 5.9 Medium |
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. | ||||
CVE-2021-45095 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-08-04 | 5.5 Medium |
pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak. | ||||
CVE-2021-45079 | 4 Canonical, Debian, Fedoraproject and 1 more | 5 Ubuntu Linux, Debian Linux, Extra Packages For Enterprise Linux and 2 more | 2024-08-04 | 9.1 Critical |
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. | ||||
CVE-2021-45098 | 2 Debian, Oisf | 2 Debian Linux, Suricata | 2024-08-04 | 7.5 High |
An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of the md5header from the client side. After the three-way handshake, it's possible to inject an RST ACK with a random TCP md5header option. Then, the client can send an HTTP GET request with a forbidden URL. The server will ignore the RST ACK and send the response HTTP packet for the client's request. These packets will not trigger a Suricata reject action. | ||||
CVE-2021-45085 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2024-08-04 | 6.1 Medium |
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list. | ||||
CVE-2021-45087 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2024-08-04 | 6.1 Medium |
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title. | ||||
CVE-2021-45046 | 7 Apache, Debian, Fedoraproject and 4 more | 70 Log4j, Debian Linux, Fedora and 67 more | 2024-08-04 | 9.0 Critical |
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. | ||||
CVE-2021-45086 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2024-08-04 | 6.1 Medium |
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js. |