Total
8822 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20305 | 5 Debian, Fedoraproject, Netapp and 2 more | 6 Debian Linux, Fedora, Active Iq Unified Manager and 3 more | 2023-11-07 | 6.8 MEDIUM | 8.1 HIGH |
| A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2021-20303 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2023-11-07 | 5.8 MEDIUM | 6.1 MEDIUM |
| A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well. | |||||
| CVE-2021-20277 | 3 Debian, Fedoraproject, Samba | 3 Debian Linux, Fedora, Samba | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-20254 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2023-11-07 | 4.9 MEDIUM | 6.8 MEDIUM |
| A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity. | |||||
| CVE-2021-20247 | 3 Debian, Fedoraproject, Mbsync Project | 4 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 1 more | 2023-11-07 | 5.8 MEDIUM | 7.4 HIGH |
| A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity. | |||||
| CVE-2021-20228 | 2 Debian, Redhat | 4 Debian Linux, Ansible Automation Platform, Ansible Engine and 1 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2021-20221 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Enterprise Linux | 2023-11-07 | 2.1 LOW | 6.0 MEDIUM |
| An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. | |||||
| CVE-2021-20190 | 5 Apache, Debian, Fasterxml and 2 more | 8 Nifi, Debian Linux, Jackson-databind and 5 more | 2023-11-07 | 8.3 HIGH | 8.1 HIGH |
| A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2021-20181 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2023-11-07 | 6.9 MEDIUM | 7.5 HIGH |
| A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability. | |||||
| CVE-2021-1844 | 3 Apple, Debian, Fedoraproject | 8 Ipados, Iphone Os, Macos and 5 more | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2021-1788 | 3 Apple, Debian, Fedoraproject | 9 Ipados, Iphone Os, Mac Os X and 6 more | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2021-0561 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Android | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174302683 | |||||
| CVE-2021-0326 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Android | 2023-11-07 | 7.9 HIGH | 7.5 HIGH |
| In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525 | |||||
| CVE-2021-0089 | 3 Debian, Fedoraproject, Intel | 12 Debian Linux, Fedora, Celeron Processors and 9 more | 2023-11-07 | 2.1 LOW | 6.5 MEDIUM |
| Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | |||||
| CVE-2020-9548 | 4 Debian, Fasterxml, Netapp and 1 more | 25 Debian Linux, Jackson-databind, Active Iq Unified Manager and 22 more | 2023-11-07 | 6.8 MEDIUM | 9.8 CRITICAL |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). | |||||
| CVE-2020-9547 | 4 Debian, Fasterxml, Netapp and 1 more | 16 Debian Linux, Jackson-databind, Active Iq Unified Manager and 13 more | 2023-11-07 | 6.8 MEDIUM | 9.8 CRITICAL |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap). | |||||
| CVE-2020-9546 | 4 Debian, Fasterxml, Netapp and 1 more | 31 Debian Linux, Jackson-databind, Active Iq Unified Manager and 28 more | 2023-11-07 | 6.8 MEDIUM | 9.8 CRITICAL |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). | |||||
| CVE-2020-9498 | 3 Apache, Debian, Fedoraproject | 3 Guacamole, Debian Linux, Fedora | 2023-11-07 | 6.2 MEDIUM | 6.7 MEDIUM |
| Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed with the privileges of therunning guacd process. | |||||
| CVE-2020-9497 | 3 Apache, Debian, Fedoraproject | 3 Guacamole, Debian Linux, Fedora | 2023-11-07 | 1.2 LOW | 4.4 MEDIUM |
| Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result in disclosure of information within the memory ofthe guacd process handling the connection. | |||||
| CVE-2020-9490 | 7 Apache, Canonical, Debian and 4 more | 25 Http Server, Ubuntu Linux, Debian Linux and 22 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. | |||||