Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-03-10 | CVE-2020-13936 | An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2. | Velocity_engine, Wss4j, Debian_linux, Banking_deposits_and_lines_of_credit_servicing, Banking_enterprise_default_management, Banking_loans_servicing, Banking_party_management, Banking_platform, Communications_cloud_native_core_policy, Communications_network_integrity, Hospitality_token_proxy_service, Retail_integration_bus, Retail_order_broker, Retail_service_backbone, Retail_xstore_office_cloud_service, Utilities_testing_accelerator | 8.8 | ||
| 2021-03-10 | CVE-2020-13959 | The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, perform requests in the name of the victim or for phishing attacks. | Velocity_tools, Debian_linux | 6.1 | ||
| 2021-03-10 | CVE-2021-21772 | A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | Lib3mf, Debian_linux, Fedora | 8.1 | ||
| 2021-03-11 | CVE-2020-36277 | Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c. | Debian_linux, Fedora, Leptonica | 7.5 | ||
| 2021-03-11 | CVE-2021-28153 | An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.) | Brocade_fabric_operating_system_firmware, Debian_linux, Fedora, Glib | 5.3 | ||
| 2021-03-12 | CVE-2020-36278 | Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c. | Debian_linux, Fedora, Leptonica | 7.5 | ||
| 2021-03-12 | CVE-2020-36279 | Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c. | Debian_linux, Fedora, Leptonica | 7.5 | ||
| 2021-03-12 | CVE-2020-36281 | Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c. | Debian_linux, Fedora, Leptonica | 7.5 | ||
| 2021-03-16 | CVE-2021-21191 | Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome | 8.8 | ||
| 2021-03-16 | CVE-2021-21192 | Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome | 8.8 |