Note: This project will be discontinued after December 13, 2021.

Product: Debian_linux (Debian)

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-03-17 | CVE-2021-27291 | In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service. | Debian_linux, Fedora, Pygments | 7.5 | ||
2021-03-19 | CVE-2020-25097 | An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings. | Debian_linux, Fedora, Cloud_manager, Squid | 8.6 | ||
2021-03-19 | CVE-2021-28831 | decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. | Busybox, Debian_linux, Fedora | 7.5 | ||
2021-03-19 | CVE-2021-28834 | Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. | Debian_linux, Fedora, Kramdown | 9.8 | ||
2021-03-20 | CVE-2021-28950 | An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. | Debian_linux, Fedora, Linux_kernel | 5.5 | ||
2021-03-20 | CVE-2020-27170 | An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit. | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel | 4.7 | ||
2021-03-20 | CVE-2020-27171 | An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel | 6.0 | ||
2021-03-21 | CVE-2021-28957 | An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3. | Debian_linux, Fedora, Lxml, Snapcenter, Zfs_storage_appliance_kit | 6.1 | ||
2021-03-22 | CVE-2021-28963 | Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters. | Debian_linux, Service_provider | 5.3 | ||
2021-03-22 | CVE-2021-28964 | A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. | Debian_linux, Fedora, Linux_kernel, Aff_a250_firmware, Cloud_backup, Fas_500f_firmware, Solidfire_baseboard_management_controller_firmware | 4.7 | ||