Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15142 | 5 Canonical, Debian, Djvulibre Project and 2 more | 5 Ubuntu Linux, Debian Linux, Djvulibre and 2 more | 2022-03-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file. | |||||
| CVE-2021-42008 | 3 Debian, Linux, Netapp | 20 Debian Linux, Linux Kernel, H300e and 17 more | 2022-03-29 | 6.9 MEDIUM | 7.8 HIGH |
| The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. | |||||
| CVE-2021-1056 | 3 Debian, Linux, Nvidia | 3 Debian Linux, Linux Kernel, Gpu Driver | 2022-03-29 | 3.6 LOW | 7.1 HIGH |
| NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. | |||||
| CVE-2020-2934 | 3 Debian, Fedoraproject, Oracle | 4 Debian Linux, Fedora, Mysql Connector\/j and 1 more | 2022-03-29 | 5.1 MEDIUM | 5.0 MEDIUM |
| Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L). | |||||
| CVE-2021-33054 | 2 Debian, Inverse | 2 Debian Linux, Sogo | 2022-03-29 | 5.0 MEDIUM | 7.5 HIGH |
| SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. (Only versions after 2.0.5a are affected.) | |||||
| CVE-2020-27745 | 2 Debian, Schedmd | 2 Debian Linux, Slurm | 2022-03-29 | 6.8 MEDIUM | 9.8 CRITICAL |
| Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. | |||||
| CVE-2021-26691 | 5 Apache, Debian, Fedoraproject and 2 more | 8 Http Server, Debian Linux, Fedora and 5 more | 2022-03-25 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow | |||||
| CVE-2021-41864 | 4 Debian, Fedoraproject, Linux and 1 more | 24 Debian Linux, Fedora, Linux Kernel and 21 more | 2022-03-25 | 4.6 MEDIUM | 7.8 HIGH |
| prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. | |||||
| CVE-2021-38173 | 3 Debian, Digint, Fedoraproject | 3 Debian Linux, Btrbk, Fedora | 2022-03-25 | 7.5 HIGH | 9.8 CRITICAL |
| Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys. | |||||
| CVE-2022-21699 | 3 Debian, Fedoraproject, Ipython | 3 Debian Linux, Fedora, Ipython | 2022-03-25 | 4.6 MEDIUM | 8.8 HIGH |
| IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade. | |||||
| CVE-2021-45911 | 2 Debian, Gif2apng Project | 2 Debian Linux, Gif2apng | 2022-03-24 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer. | |||||
| CVE-2021-45910 | 2 Debian, Gif2apng Project | 2 Debian Linux, Gif2apng | 2022-03-24 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some extent) control over the amount of data that is written. | |||||
| CVE-2022-0577 | 2 Debian, Scrapy | 2 Debian Linux, Scrapy | 2022-03-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1. | |||||
| CVE-2016-1572 | 5 Canonical, Debian, Ecryptfs and 2 more | 6 Ubuntu Linux, Debian Linux, Ecryptfs-utils and 3 more | 2022-03-23 | 4.6 MEDIUM | 8.4 HIGH |
| mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid. | |||||
| CVE-2022-26847 | 2 Debian, Spip | 2 Debian Linux, Spip | 2022-03-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. | |||||
| CVE-2022-26846 | 2 Debian, Spip | 2 Debian Linux, Spip | 2022-03-18 | 6.5 MEDIUM | 8.8 HIGH |
| SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code. | |||||
| CVE-2022-26662 | 2 Debian, Tryton | 3 Debian Linux, Proteus, Trytond | 2022-03-18 | 5.0 MEDIUM | 7.5 HIGH |
| An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server. | |||||
| CVE-2022-26661 | 2 Debian, Tryton | 3 Debian Linux, Proteus, Trytond | 2022-03-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system. | |||||
| CVE-2021-43535 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2022-03-17 | 6.8 MEDIUM | 8.8 HIGH |
| A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3. | |||||
| CVE-2021-43534 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2022-03-17 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | |||||