1708 matches found
UBUNTU-CVE-2021-4136
vim is vulnerable to Heap-based Buffer Overflow...
UBUNTU-CVE-2021-42373
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given...
The vulnerability in the `open_generic_xdg_mime` function of the xdg-open component of the Xdg-utils suite, a set of tools for integrating applications into the Xdg environment, arises from insufficient sanitization of input data. This vulnerability allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability in the `open_generic_xdg_mime` function of the xdg-open component, a toolset for integrating applications into the Xdg environment, is related to incorrect handling of local variables when using the dash library. Exploiting this vulnerability can allow an attacker to gain access to...
CVE-2021-1829
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.3. An application may be able to execute arbitrary code with kernel privileges...
CVE-2021-30780
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. A malicious application may be able to gain root privileges...
CVE-2021-30726
A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An out-of-bounds write issue was addressed with improved bounds checking...
UBUNTU-CVE-2021-30622
Chromium: CVE-2021-30622 Use after free in WebApp Installs...
CVE-2021-38641
Microsoft Edge for Android Spoofing Vulnerability...
UBUNTU-CVE-2021-23434
This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition `currentPath === '__proto__'` returns false if currentPath is `['__proto__']`. This is because t...
GHSA-P5W9-856P-8Q4G Assumed memory layout of std::net::SocketAddr
The socket2 crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It simply cast the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the...
AZL-8484 CVE-2021-36690 affecting package sqlite for versions less than 3.36.0-3
A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges e.g., is intentionally allowe...
DEBIAN-CVE-2021-36690
A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges e.g., is intentionally allowe...
USN-5023-1 aspell vulnerability
It was discovered that Aspell incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a crash...
UBUNTU-CVE-2021-35063
Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion."...
CVE-2021-31206
Microsoft Exchange Server Remote Code Execution Vulnerability...
Siemens JT2GO Buffer Error Vulnerability
Siemens Jt2go and Siemens Teamcenter Visualization are both products of Siemens AG, Germany. Siemens Jt2go is a JT file viewer. Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. A buffer over-read vulnerability exists in...
OPENSUSE-SU-2021:0940-1 Security update for bouncycastle
This update for bouncycastle fixes the following issues: - CVE-2020-15522: Fixed a timing issue within the EC math library (bsc#1186328). This update was imported from the SUSE:SLE-15-SP2:Update update project...
UBUNTU-CVE-2021-3532
Rejected reason: This CVE is marked as INVALID and not a bug...
UBUNTU-CVE-2021-3587
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-38208. Reason: This candidate is a reservation duplicate of CVE-2021-38208. Notes: All CVE users should reference CVE-2021-38208 instead of this candidate. All references and descriptions in this candidate have been removed t...
CVE-2021-28438
Windows Console Driver Denial of Service Vulnerability...