Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-01-05 | CVE-2020-36158 | mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332. | Debian_linux, Fedora, Linux_kernel, Cloud_backup, Solidfire_baseboard_management_controller_firmware | 6.7 | ||
2021-01-05 | CVE-2020-27841 | There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability. | Debian_linux, Fedora, Outside_in_technology, Openjpeg | 5.5 | ||
2021-01-05 | CVE-2020-27842 | There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. | Debian_linux, Extra_packages_for_enterprise_linux, Fedora, Outside_in_technology, Codeready_linux_builder, Codeready_linux_builder_for_ibm_z_systems, Codeready_linux_builder_for_power_little_endian, Enterprise_linux, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_little_endian, Openjpeg | 5.5 | ||
2021-01-05 | CVE-2020-27843 | A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability. | Debian_linux, Fedora, Outside_in_technology, Openjpeg | 5.5 | ||
2021-01-05 | CVE-2020-27844 | A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | Debian_linux, Outside_in_technology, Openjpeg | 7.8 | ||
2021-01-05 | CVE-2020-27845 | There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability. | Debian_linux, Fedora, Outside_in_technology, Openjpeg | 5.5 | ||
2021-01-06 | CVE-2020-8265 | Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially... | Debian_linux, Fedora, Node\.js, Graalvm, Sinec_infrastructure_network_services | 8.1 | ||
2021-01-06 | CVE-2020-8287 | Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling. | Debian_linux, Fedora, Node\.js, Graalvm, Sinec_infrastructure_network_services | 6.5 | ||
2021-01-08 | CVE-2020-16043 | Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to bypass discretionary access control via malicious network traffic. | Debian_linux, Fedora, Chrome | 8.8 | ||
2021-01-08 | CVE-2021-21106 | Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | Debian_linux, Fedora, Chrome | 9.6 |