Total
5057 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3612 | 6 Debian, Fedoraproject, Linux and 3 more | 26 Debian Linux, Fedora, Linux Kernel and 23 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2021-21204 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Mac Os X, Debian Linux, Fedora and 1 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30600 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-33582 | 3 Cyrus, Debian, Fedoraproject | 3 Imap, Debian Linux, Fedora | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16. | |||||
| CVE-2021-36770 | 3 Fedoraproject, P5-encode Project, Perl | 3 Fedora, P5-encode, Perl | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value. | |||||
| CVE-2020-15078 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. | |||||
| CVE-2021-36377 | 2 Fedoraproject, Fossil-scm | 2 Fedora, Fossil | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. | |||||
| CVE-2021-39152 | 5 Debian, Fedoraproject, Netapp and 2 more | 15 Debian Linux, Fedora, Snapmanager and 12 more | 2023-12-10 | 6.0 MEDIUM | 8.5 HIGH |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18. | |||||
| CVE-2021-30585 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-21333 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2023-12-10 | 2.6 LOW | 6.1 MEDIUM |
| Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the notification emails sent for notifications for missed messages or for an expiring account are subject to HTML injection. In the case of the notification for missed messages, this could allow an attacker to insert forged content into the email. The account expiry feature is not enabled by default and the HTML injection is not controllable by an attacker. This is fixed in version 1.27.0. | |||||
| CVE-2021-20297 | 3 Fedoraproject, Gnome, Redhat | 4 Fedora, Networkmanager, Enterprise Linux and 1 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-28658 | 3 Debian, Djangoproject, Fedoraproject | 3 Debian Linux, Django, Fedora | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability. | |||||
| CVE-2021-30582 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2021-32613 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS. | |||||
| CVE-2021-39149 | 5 Debian, Fedoraproject, Netapp and 2 more | 15 Debian Linux, Fedora, Snapmanager and 12 more | 2023-12-10 | 6.0 MEDIUM | 8.5 HIGH |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | |||||
| CVE-2021-0232 | 2 Fedoraproject, Juniper | 2 Fedora, Paragon Active Assurance Control Center | 2023-12-10 | 5.8 MEDIUM | 7.4 HIGH |
| An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Center may allow an attacker with specific information about the deployment to mimic an already registered Test Agent and access its configuration including associated inventory details. If the issue occurs, the affected Test Agent will not be able to connect to the Control Center. This issue affects Juniper Networks Paragon Active Assurance Control Center All versions prior to 2.35.6; 2.36 versions prior to 2.36.2. | |||||
| CVE-2021-25287 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la. | |||||
| CVE-2021-33910 | 4 Debian, Fedoraproject, Netapp and 1 more | 5 Debian Linux, Fedora, Hci Management Node and 2 more | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
| basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. | |||||
| CVE-2021-30521 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | |||||
| CVE-2021-36084 | 2 Fedoraproject, Selinux Project | 2 Fedora, Selinux | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper). | |||||