Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-05-27 | CVE-2020-13253 | sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. | Ubuntu_linux, Debian_linux, Qemu | 5.5 | ||
2020-07-02 | CVE-2020-15469 | In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. | Debian_linux, Qemu | 2.3 | ||
2020-07-21 | CVE-2020-15859 | QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address. | Debian_linux, Qemu | 3.3 | ||
2020-09-25 | CVE-2020-25084 | QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked. | Debian_linux, Qemu | 3.2 | ||
2020-09-25 | CVE-2020-25085 | QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case. | Debian_linux, Qemu | 5.0 | ||
2020-09-25 | CVE-2020-25625 | hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop. | Debian_linux, Qemu | 5.3 | ||
2020-11-06 | CVE-2020-27617 | eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol. | Debian_linux, Qemu | 6.5 | ||
2020-11-30 | CVE-2020-25624 | hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver. | Debian_linux, Qemu | 5.0 | ||
2021-07-21 | CVE-2021-2388 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker.... | Debian_linux, Graalvm, Jdk | 7.5 | ||
2022-03-17 | CVE-2022-24761 | Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and where it ends. This would allow requests to be smuggled via the front-end proxy to waitress and later behavior. There are two classes of vulnerability that may lead to request smuggling that are... | Waitress, Debian_linux | 7.5 |