Shodan
Vulnerabilities
Vulnerable Software
Debian:  >> Debian Linux  >> 9.0  Security Vulnerabilities
CVE-2021-45972
The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data.
CVSS Score
7.1
EPSS Score
0.003
Published
2022-01-01
CVE-2021-41819
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
CVSS Score
7.5
EPSS Score
0.006
Published
2022-01-01
CVE-2021-41817
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-01-01
CVE-2021-44716
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-01-01
CVE-2021-44717
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.
CVSS Score
4.8
EPSS Score
0.005
Published
2022-01-01
CVE-2021-45943
GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment).
CVSS Score
5.5
EPSS Score
0.001
Published
2022-01-01
CVE-2021-45930
Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).
CVSS Score
5.5
EPSS Score
0.001
Published
2022-01-01
CVE-2021-45944
Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).
CVSS Score
5.5
EPSS Score
0.0
Published
2022-01-01
CVE-2021-45949
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).
CVSS Score
5.5
EPSS Score
0.0
Published
2022-01-01
CVE-2021-45958
UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.
CVSS Score
5.5
EPSS Score
0.002
Published
2022-01-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved