Filtered by vendor Debian
Subscribe
Total
8236 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-6424 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2022-03-31 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2020-6426 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2022-03-31 | 4.3 MEDIUM | 6.5 MEDIUM |
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2021-22207 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Zfs Storage Appliance Kit and 1 more | 2022-03-31 | 5.0 MEDIUM | 6.5 MEDIUM |
Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file | |||||
CVE-2021-31215 | 3 Debian, Fedoraproject, Schedmd | 3 Debian Linux, Fedora, Slurm | 2022-03-31 | 6.5 MEDIUM | 8.8 HIGH |
SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling. | |||||
CVE-2020-13933 | 2 Apache, Debian | 2 Shiro, Debian Linux | 2022-03-30 | 5.0 MEDIUM | 7.5 HIGH |
Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass. | |||||
CVE-2020-1957 | 2 Apache, Debian | 2 Shiro, Debian Linux | 2022-03-30 | 7.5 HIGH | 9.8 CRITICAL |
Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. | |||||
CVE-2022-0534 | 2 Debian, Htmldoc Project | 2 Debian Linux, Htmldoc | 2022-03-30 | 4.3 MEDIUM | 5.5 MEDIUM |
A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place in gif_get_code() and occurs when opening a malicious GIF file, which can result in a crash (segmentation fault). | |||||
CVE-2019-12221 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2022-03-30 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c. | |||||
CVE-2021-4011 | 3 Debian, Fedoraproject, X.org | 3 Debian Linux, Fedora, X Server | 2022-03-30 | 7.2 HIGH | 7.8 HIGH |
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2021-4010 | 3 Debian, Fedoraproject, X.org | 3 Debian Linux, Fedora, X Server | 2022-03-30 | 7.2 HIGH | 7.8 HIGH |
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2021-4009 | 3 Debian, Fedoraproject, X.org | 3 Debian Linux, Fedora, X Server | 2022-03-30 | 7.2 HIGH | 7.8 HIGH |
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2021-4008 | 3 Debian, Fedoraproject, X.org | 3 Debian Linux, Fedora, X Server | 2022-03-30 | 7.2 HIGH | 7.8 HIGH |
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2020-28948 | 4 Debian, Drupal, Fedoraproject and 1 more | 4 Debian Linux, Drupal, Fedora and 1 more | 2022-03-30 | 6.8 MEDIUM | 7.8 HIGH |
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. | |||||
CVE-2021-37971 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-03-30 | 4.3 MEDIUM | 4.3 MEDIUM |
Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2021-37970 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-03-30 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2021-37972 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-03-30 | 6.8 MEDIUM | 8.8 HIGH |
Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2019-16869 | 4 Canonical, Debian, Netty and 1 more | 5 Ubuntu Linux, Debian Linux, Netty and 2 more | 2022-03-30 | 5.0 MEDIUM | 7.5 HIGH |
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. | |||||
CVE-2021-37973 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-03-30 | 6.8 MEDIUM | 9.6 CRITICAL |
Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
CVE-2018-1320 | 4 Apache, Debian, F5 and 1 more | 5 Thrift, Debian Linux, Traffix Sdc and 2 more | 2022-03-30 | 5.0 MEDIUM | 7.5 HIGH |
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete. | |||||
CVE-2019-18804 | 5 Canonical, Debian, Djvulibre Project and 2 more | 5 Ubuntu Linux, Debian Linux, Djvulibre and 2 more | 2022-03-29 | 5.0 MEDIUM | 7.5 HIGH |
DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. |