Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13750 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2023-02-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. | |||||
| CVE-2022-28356 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-02-03 | 2.1 LOW | 5.5 MEDIUM |
| In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. | |||||
| CVE-2021-4197 | 5 Broadcom, Debian, Linux and 2 more | 14 Brocade Fabric Operating System Firmware, Debian Linux, Linux Kernel and 11 more | 2023-02-03 | 7.2 HIGH | 7.8 HIGH |
| An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. | |||||
| CVE-2019-18422 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2023-02-03 | 8.5 HIGH | 8.8 HIGH |
| An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified. | |||||
| CVE-2019-13725 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2023-02-03 | 6.8 MEDIUM | 8.8 HIGH |
| Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | |||||
| CVE-2021-3475 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2023-02-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability. | |||||
| CVE-2020-16588 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2023-02-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file. | |||||
| CVE-2021-3474 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2023-02-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability. | |||||
| CVE-2022-41853 | 2 Debian, Hsqldb | 2 Debian Linux, Hypersql Database | 2023-02-03 | N/A | 9.8 CRITICAL |
| Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled. | |||||
| CVE-2019-17349 | 2 Debian, Xen | 2 Debian Linux, Xen | 2023-02-03 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation. | |||||
| CVE-2021-3941 | 4 Debian, Fedoraproject, Openexr and 1 more | 4 Debian Linux, Fedora, Openexr and 1 more | 2023-02-03 | 2.1 LOW | 6.5 MEDIUM |
| In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR. | |||||
| CVE-2021-3933 | 3 Debian, Fedoraproject, Openexr | 3 Debian Linux, Fedora, Openexr | 2023-02-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths. | |||||
| CVE-2021-45942 | 3 Debian, Fedoraproject, Openexr | 3 Debian Linux, Fedora, Openexr | 2023-02-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable. | |||||
| CVE-2021-23215 | 3 Debian, Fedoraproject, Openexr | 3 Debian Linux, Fedora, Openexr | 2023-02-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. | |||||
| CVE-2021-26260 | 3 Debian, Fedoraproject, Openexr | 3 Debian Linux, Fedora, Openexr | 2023-02-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215. | |||||
| CVE-2019-17671 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2023-02-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled. | |||||
| CVE-2019-17675 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2023-02-03 | 6.8 MEDIUM | 8.8 HIGH |
| WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF. | |||||
| CVE-2019-17674 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2023-02-03 | 3.5 LOW | 5.4 MEDIUM |
| WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer. | |||||
| CVE-2019-17672 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2023-02-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements. | |||||
| CVE-2019-17669 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2023-02-03 | 7.5 HIGH | 9.8 CRITICAL |
| WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters. | |||||