Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-04-29 | CVE-2022-1353 | A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. | Debian_linux, Linux_kernel, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Enterprise_linux | 7.1 | ||
| 2022-04-29 | CVE-2021-4206 | A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | Debian_linux, Qemu, Enterprise_linux | 8.2 | ||
| 2022-04-29 | CVE-2021-4207 | A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | Debian_linux, Qemu, Enterprise_linux | 8.2 | ||
| 2022-05-01 | CVE-2022-25647 | The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. | Debian_linux, Gson, Active_iq_unified_manager, Financial_services_crime_and_compliance_management_studio, Graalvm, Retail_order_broker | 7.5 | ||
| 2022-05-02 | CVE-2022-29970 | Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. | Debian_linux, Sinatra | 7.5 | ||
| 2022-05-02 | CVE-2021-46790 | ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions. | Debian_linux, Fedora, Ntfs\-3g | 7.8 | ||
| 2022-05-02 | CVE-2021-42528 | XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Xmp_toolkit_software_development_kit, Debian_linux | 5.5 | ||
| 2022-05-02 | CVE-2021-42529 | XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | Xmp_toolkit_software_development_kit, Debian_linux | 7.8 | ||
| 2022-05-02 | CVE-2021-42530 | XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | Xmp_toolkit_software_development_kit, Debian_linux | N/A | ||
| 2022-05-02 | CVE-2021-42531 | XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | Xmp_toolkit_software_development_kit, Debian_linux | 7.8 |