Total
9162 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3624 | 2 Dcraw Project, Debian | 2 Dcraw, Debian Linux | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system. | |||||
| CVE-2021-3618 | 5 Debian, F5, Fedoraproject and 2 more | 5 Debian Linux, Nginx, Fedora and 2 more | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. | |||||
| CVE-2021-3612 | 6 Debian, Fedoraproject, Linux and 3 more | 26 Debian Linux, Fedora, Linux Kernel and 23 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2021-3608 | 3 Debian, Fedoraproject, Qemu | 3 Debian Linux, Fedora, Qemu | 2024-11-21 | 4.9 MEDIUM | 6.0 MEDIUM |
| A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-3607 | 3 Debian, Fedoraproject, Qemu | 3 Debian Linux, Fedora, Qemu | 2024-11-21 | 4.9 MEDIUM | 6.0 MEDIUM |
| An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-3605 | 3 Debian, Openexr, Redhat | 3 Debian Linux, Openexr, Enterprise Linux | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. | |||||
| CVE-2021-3598 | 3 Debian, Openexr, Redhat | 3 Debian Linux, Openexr, Enterprise Linux | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. | |||||
| CVE-2021-3596 | 4 Debian, Fedoraproject, Imagemagick and 1 more | 4 Debian Linux, Fedora, Imagemagick and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault. | |||||
| CVE-2021-3595 | 4 Debian, Fedoraproject, Libslirp Project and 1 more | 4 Debian Linux, Fedora, Libslirp and 1 more | 2024-11-21 | 2.1 LOW | 3.8 LOW |
| An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. | |||||
| CVE-2021-3594 | 4 Debian, Fedoraproject, Libslirp Project and 1 more | 4 Debian Linux, Fedora, Libslirp and 1 more | 2024-11-21 | 2.1 LOW | 3.8 LOW |
| An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. | |||||
| CVE-2021-3593 | 4 Debian, Fedoraproject, Libslirp Project and 1 more | 4 Debian Linux, Fedora, Libslirp and 1 more | 2024-11-21 | 2.1 LOW | 3.8 LOW |
| An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. | |||||
| CVE-2021-3592 | 4 Debian, Fedoraproject, Libslirp Project and 1 more | 4 Debian Linux, Fedora, Libslirp and 1 more | 2024-11-21 | 2.1 LOW | 3.8 LOW |
| An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. | |||||
| CVE-2021-3582 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
| A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_CMD_CREATE_MR" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-3580 | 4 Debian, Netapp, Nettle Project and 1 more | 4 Debian Linux, Ontap Select Deploy Administration Utility, Nettle and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service. | |||||
| CVE-2021-3578 | 3 Debian, Fedoraproject, Isync Project | 3 Debian Linux, Fedora, Isync | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client. | |||||
| CVE-2021-3570 | 4 Debian, Fedoraproject, Linuxptp Project and 1 more | 7 Debian Linux, Fedora, Linuxptp and 4 more | 2024-11-21 | 8.0 HIGH | 8.8 HIGH |
| A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1. | |||||
| CVE-2021-3566 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg). | |||||
| CVE-2021-3564 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. | |||||
| CVE-2021-3563 | 3 Debian, Openstack, Redhat | 3 Debian Linux, Keystone, Openstack Platform | 2024-11-21 | N/A | 7.4 HIGH |
| A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. | |||||
| CVE-2021-3561 | 3 Debian, Fedoraproject, Fig2dev Project | 3 Debian Linux, Fedora, Fig2dev | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. | |||||