Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-02-02 | CVE-2021-21289 | Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of mechanize allow for OS commands to be injected using several classes' methods which implicitly use Ruby's Kernel.open method. Exploitation is possible only if untrusted input is used as a local filename and passed to any of these calls: Mechanize::CookieJar#load,... | Debian_linux, Fedora, Mechanize | 8.3 | ||
| 2021-02-08 | CVE-2021-21290 | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary... | Debian_linux, Active_iq_unified_manager, Cloud_secure_agent, Snapcenter, Netty, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_trade_finance_process_management, Communications_brm_\-_elastic_charging_engine, Communications_design_studio, Communications_messaging_server, Nosql_database, Quarkus | 5.5 | ||
| 2021-02-09 | CVE-2021-26937 | encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. | Debian_linux, Fedora, Screen | 9.8 | ||
| 2021-02-10 | CVE-2021-27135 | xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence. | Debian_linux, Fedora, Xterm | 9.8 | ||
| 2021-02-10 | CVE-2021-0326 | In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525 | Debian_linux, Fedora, Android | 7.5 | ||
| 2021-02-14 | CVE-2021-27212 | In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. | Debian_linux, Openldap | 7.5 | ||
| 2021-02-15 | CVE-2021-23336 | The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can... | Debian_linux, Django, Fedora, Cloud_backup, Inventory_collect_tool, Ontap_select_deploy_administration_utility, Snapcenter, Communications_offline_mediation_controller, Communications_pricing_design_center, Enterprise_manager_ops_center, Zfs_storage_appliance, Python | 5.9 | ||
| 2021-02-15 | CVE-2021-27218 | An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. | Brocade_fabric_operating_system_firmware, Debian_linux, Fedora, Glib, Active_iq_unified_manager, Cloud_backup, E\-Series_performance_analyzer | 7.5 | ||
| 2021-02-15 | CVE-2021-27219 | An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. | Brocade_fabric_operating_system_firmware, Debian_linux, Fedora, Glib, Active_iq_unified_manager, Cloud_backup, E\-Series_performance_analyzer | 7.5 | ||
| 2021-02-17 | CVE-2021-26933 | An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones during scrubbing) have reached the memory before handing over the page to a guest. Unfortunately, the operation to clean the cache is happening before checking if the page was scrubbed. Therefore there is no guarantee when all the writes will reach the memory. | Debian_linux, Fedora, Xen | 5.5 |