Debian Security Vulnerabilities (CVEs)

This vulnerability allows PCI devices with Reserved Memory Region Reporting (RMRR) to be improperly deassigned when passed through to virtual machine ...

This CVE describes an integer overflow vulnerability in Redis' hiredis library that affects redis-cli and redis-sentinel when parsing large multi-bulk...

CVE-2021-41099 is an integer overflow vulnerability in Redis' string library that allows heap corruption when the proto-max-bulk-len configuration is ...

CVE-2021-32627 is an integer overflow vulnerability in Redis that allows remote attackers to corrupt heap memory by setting configuration parameters t...

CVE-2021-32675 is a memory allocation vulnerability in Redis where specially crafted RESP protocol requests can cause excessive memory consumption, po...

A vulnerability in KVM's AMD SVM nested virtualization allows a malicious L1 guest to enable AVIC support for L2 guests, bypassing proper validation. ...

CVE-2021-32273 is a stack buffer overflow vulnerability in the ftypin function of faad2 MP4/AAC audio decoder library. It allows remote attackers to e...

This vulnerability in faad2 audio decoding library allows heap buffer overflow in the sbr_qmf_analysis_32 function, potentially enabling remote code e...

This vulnerability in the Linux kernel's MIPS BPF JIT compiler allows unprivileged users to execute arbitrary code with kernel privileges. It affects ...

This is a local privilege escalation vulnerability in the Linux kernel's io_uring subsystem. It allows local users to trigger a use-after-free conditi...

CVE-2021-3805 is a prototype pollution vulnerability in the object-path npm package that allows attackers to modify JavaScript object prototypes, pote...

CVE-2020-21598 is a heap buffer overflow vulnerability in libde265 v1.0.4's ff_hevc_put_unweighted_pred_8_sse function that allows remote code executi...

CVE-2021-36160 is an out-of-bounds read vulnerability in Apache HTTP Server's mod_proxy_uwsgi module. A specially crafted URI path can cause the serve...

This vulnerability in Apache Tomcat allows denial of service attacks when using specific TLS configurations. Attackers can send specially crafted TLS ...

CVE-2021-3778 is a heap-based buffer overflow vulnerability in Vim text editor that could allow attackers to execute arbitrary code or cause denial of...

This vulnerability allows authenticated low-privileged WordPress users (like contributors or authors) to execute cross-site scripting (XSS) attacks in...

This vulnerability allows any Certificate Authority (CA) issuer in the Resource Public Key Infrastructure (RPKI) to trick OctoRPKI versions prior to 1...

CVE-2021-40346 is an integer overflow vulnerability in HAProxy's HTTP header processing that enables HTTP request smuggling attacks. This allows attac...

CVE-2021-28701 is a race condition vulnerability in Xen's grant table v2 status page handling that allows guest VMs to retain access to freed memory p...

This vulnerability allows an attacker to trigger a heap-based buffer overflow by providing a malicious NTFS image to NTFS-3G. Systems using NTFS-3G ve...

CVE-2021-39258 is an out-of-bounds read vulnerability in NTFS-3G that allows attackers to read sensitive memory contents from a crafted NTFS image. Th...

This vulnerability in NTFS-3G allows attackers to trigger an out-of-bounds memory access by providing a malicious NTFS image. When exploited, it can l...

CVE-2021-39262 is an out-of-bounds memory access vulnerability in NTFS-3G's decompression function that can be triggered by a specially crafted NTFS i...

This vulnerability is a buffer overflow in LibTiff's tiffcrop utility that allows attackers to cause denial of service through the invertImage() funct...

A heap buffer overflow vulnerability in NTFS-3G allows attackers to write to arbitrary memory or cause denial of service when reading specially crafte...

A stack buffer overflow vulnerability in NTFS-3G versions before 2021.8.22 allows local attackers to execute arbitrary code or escalate privileges whe...

CVE-2021-39252 is an out-of-bounds read vulnerability in NTFS-3G's ntfs_ie_lookup function. Attackers can exploit this by mounting a specially crafted...

CVE-2021-39254 is an integer overflow vulnerability in NTFS-3G that can lead to heap-based buffer overflow when processing a malicious NTFS image. Thi...

A heap buffer overflow vulnerability in NTFS-3G allows memory disclosure or denial of service when mounting a specially crafted NTFS partition. Attack...

This vulnerability allows attackers to execute arbitrary code and escalate privileges by exploiting a heap buffer overflow in NTFS-3G when processing ...

CVE-2021-40516 is an out-of-bounds read vulnerability in WeeChat's Relay plugin that allows remote attackers to crash the application via specially cr...

A race condition vulnerability in the ext4 filesystem's inline data handling in Linux kernel versions up to 5.13.13 allows local attackers to corrupt ...

CVE-2021-39847 is a stack-based buffer overflow vulnerability in Adobe XMP Toolkit SDK versions 2020.1 and earlier. It allows arbitrary code execution...

CVE-2021-36064 is a buffer underflow vulnerability in Adobe XMP Toolkit that could allow arbitrary code execution when a user opens a malicious file. ...

CVE-2021-36046 is a memory corruption vulnerability in Adobe XMP Toolkit versions 2020.1 and earlier that could allow arbitrary code execution when pr...

CVE-2021-36048 is an improper input validation vulnerability in Adobe XMP Toolkit SDK that could allow arbitrary code execution when a user opens a ma...

CVE-2021-36050 is a heap-based buffer overflow vulnerability in Adobe XMP Toolkit SDK that could allow arbitrary code execution when processing malici...

CVE-2021-36055 is a use-after-free vulnerability in Adobe XMP Toolkit SDK that could allow arbitrary code execution when a user opens a malicious file...

This vulnerability in the npm tar package allows attackers to bypass symlink checks by exploiting Unicode normalization and Windows short path behavio...

This vulnerability allows remote code execution through a specially crafted file that triggers an out-of-bounds read and type confusion in CGAL's Nef ...

This vulnerability allows remote code execution through an out-of-bounds read and type confusion in CGAL's Nef polygon-parsing functionality. Attacker...

This Xen hypervisor vulnerability allows guest virtual machines to retain access to freed memory pages after switching from grant table v2 to v1. A ra...

This vulnerability in Squashfs-Tools allows directory traversal attacks during archive extraction. Attackers can craft malicious squashfs archives tha...

This vulnerability allows a malicious guest user in QEMU virtual machines to perform out-of-bounds writes in the UAS device emulation, potentially lea...

This integer overflow vulnerability in GPAC's MPEG-4 decoder allows heap-based buffer overflow via specially crafted video files. Attackers can achiev...

This vulnerability allows remote code execution through a specially crafted MPEG-4 video file. Attackers can exploit an integer overflow in GPAC's MPE...

An integer overflow vulnerability in GPAC's MPEG-4 decoder allows heap-based buffer overflow via specially crafted video files. Attackers can exploit ...

This is a use-after-free vulnerability in Apple's WebKit browser engine that could allow arbitrary code execution when processing malicious web conten...

This vulnerability allows attackers to execute arbitrary code on affected Apple devices by tricking users into visiting malicious web pages. It affect...