Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-04-30 | CVE-2021-21232 | Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome | 8.8 | ||
2021-04-30 | CVE-2021-21233 | Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome | 8.8 | ||
2021-05-05 | CVE-2021-20254 | A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality... | Debian_linux, Fedora, Enterprise_linux, Samba | 6.8 | ||
2021-05-06 | CVE-2021-31829 | kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel. | Debian_linux, Fedora, Linux_kernel | 5.5 | ||
2021-05-11 | CVE-2021-3504 | A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability. | Debian_linux, Fedora, Enterprise_linux, Hivex | 5.4 | ||
2021-05-24 | CVE-2020-26558 | Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the... | Bluetooth_core_specification, Debian_linux, Fedora, Ac_1550_firmware, Ac_3165_firmware, Ac_3168_firmware, Ac_7265_firmware, Ac_8260_firmware, Ac_8265_firmware, Ac_9260_firmware, Ac_9461_firmware, Ac_9462_firmware, Ac_9560_firmware, Ax1650_firmware, Ax1675_firmware, Ax200_firmware, Ax201_firmware, Ax210_firmware, Linux_kernel | 4.2 | ||
2021-05-12 | CVE-2021-20277 | A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability. | Debian_linux, Fedora, Samba | 7.5 | ||
2021-05-12 | CVE-2020-27840 | A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability. | Debian_linux, Fedora, Samba | 7.5 | ||
2021-05-12 | CVE-2021-23134 | Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability. | Debian_linux, Fedora, Linux_kernel | 7.8 | ||
2021-05-13 | CVE-2021-31215 | SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling. | Debian_linux, Fedora, Slurm | 8.8 |