Total
9162 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40403 | 3 Debian, Fedoraproject, Gerbv Project | 3 Debian Linux, Fedora, Gerbv | 2024-11-21 | 4.3 MEDIUM | 6.3 MEDIUM |
| An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-40401 | 3 Debian, Fedoraproject, Gerbv Project | 3 Debian Linux, Fedora, Gerbv | 2024-11-21 | 6.8 MEDIUM | 8.6 HIGH |
| A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-40394 | 2 Debian, Gerbv Project | 2 Debian Linux, Gerbv | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-40393 | 2 Debian, Gerbv Project | 2 Debian Linux, Gerbv | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-40391 | 3 Debian, Fedoraproject, Gerbv Project | 3 Debian Linux, Fedora, Gerbv | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-40346 | 3 Debian, Fedoraproject, Haproxy | 3 Debian Linux, Fedora, Haproxy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. | |||||
| CVE-2021-40330 | 2 Debian, Git-scm | 2 Debian Linux, Git | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring. | |||||
| CVE-2021-40153 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination. | |||||
| CVE-2021-40085 | 2 Debian, Openstack | 2 Debian Linux, Neutron | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value. | |||||
| CVE-2021-3999 | 3 Debian, Gnu, Netapp | 15 Debian Linux, Glibc, E-series Performance Analyzer and 12 more | 2024-11-21 | N/A | 7.8 HIGH |
| A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. | |||||
| CVE-2021-3984 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| vim is vulnerable to Heap-based Buffer Overflow | |||||
| CVE-2021-3975 | 5 Canonical, Debian, Fedoraproject and 2 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash. | |||||
| CVE-2021-3974 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| vim is vulnerable to Use After Free | |||||
| CVE-2021-3973 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| vim is vulnerable to Heap-based Buffer Overflow | |||||
| CVE-2021-3941 | 4 Debian, Fedoraproject, Openexr and 1 more | 4 Debian Linux, Fedora, Openexr and 1 more | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
| In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR. | |||||
| CVE-2021-3935 | 4 Debian, Fedoraproject, Pgbouncer and 1 more | 4 Debian Linux, Fedora, Pgbouncer and 1 more | 2024-11-21 | 5.1 MEDIUM | 8.1 HIGH |
| When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1. | |||||
| CVE-2021-3933 | 3 Debian, Fedoraproject, Openexr | 3 Debian Linux, Fedora, Openexr | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths. | |||||
| CVE-2021-3930 | 3 Debian, Qemu, Redhat | 10 Debian Linux, Qemu, Codeready Linux Builder and 7 more | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
| An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition. | |||||
| CVE-2021-3928 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| vim is vulnerable to Use of Uninitialized Variable | |||||
| CVE-2021-3927 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| vim is vulnerable to Heap-based Buffer Overflow | |||||