Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-02-23 | CVE-2021-3407 | A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences. | Mupdf, Debian_linux, Fedora | 5.5 | ||
2022-09-22 | CVE-2022-1941 | A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend... | Debian_linux, Fedora, Protobuf\-Cpp, Protobuf\-Python | 7.5 | ||
2023-11-29 | CVE-2023-6347 | Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Debian_linux, Fedora, Chrome | 8.8 | ||
2024-01-19 | CVE-2023-50447 | Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). | Debian_linux, Pillow | 8.1 | ||
2023-09-12 | CVE-2023-4863 | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) | Seequent_leapfrog, Debian_linux, Fedora, Chrome, Edge, Edge_chromium, Teams, Webp_image_extension, Firefox, Firefox_esr, Thunderbird, Active_iq_unified_manager, Libwebp | 8.8 | ||
2021-08-24 | CVE-2021-30858 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | Ipados, Iphone_os, Macos, Debian_linux, Fedora | 8.8 | ||
2021-11-23 | CVE-2021-38000 | Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. | Debian_linux, Fedora, Chrome | 6.1 | ||
2021-11-23 | CVE-2021-38003 | Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome | 8.8 | ||
2006-09-27 | CVE-2006-5051 | Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. | Mac_os_x, Mac_os_x_server, Debian_linux, Openssh | 8.1 | ||
2021-03-16 | CVE-2021-21193 | Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome | 8.8 |