• git://
#Vulnerabilities 5698
Date Id Summary Products Score Patch Annotated
2022-01-06 CVE-2022-22707 In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system. Debian_linux, Lighttpd 5.9
2022-01-04 CVE-2021-3842 nltk is vulnerable to Inefficient Regular Expression Complexity Debian_linux, Fedora, Nltk 7.5
2022-01-06 CVE-2021-46144 Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences. Debian_linux, Roundcube 6.1
2022-01-01 CVE-2021-41817 Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. Debian_linux, Fedora, Factory, Leap, Enterprise_linux, Software_collections, Date, Ruby, Linux_enterprise 7.5
2014-01-18 CVE-2013-6424 Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. Ubuntu_linux, Debian_linux, Opensuse, Pixman N/A
2022-01-01 CVE-2021-45972 The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data. Debian_linux, Giftrans 7.1
2021-12-15 CVE-2021-45078 stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. Debian_linux, Fedora, Binutils, Enterprise_linux 7.8
2020-09-08 CVE-2020-3702 u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064,... Access_point, Debian_linux, Apq8053_firmware, Ipq4019_firmware, Ipq8064_firmware, Msm8909w_firmware, Msm8996au_firmware, Qca9531_firmware, Qcn5502_firmware, Qcs405_firmware, Sdx20_firmware, Sm6150_firmware, Sm7150_firmware 6.5
2020-10-02 CVE-2020-26519 Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service. Mupdf, Debian_linux, Fedora 5.5
2020-11-06 CVE-2020-28241 libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c. Debian_linux, Fedora, Libmaxminddb 6.5