Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2021-10-18 CVE-2021-41990 Integer Overflow or Wraparound vulnerability in multiple products
The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature.
network
low complexity
strongswan debian CWE-190
5.0
2021-10-18 CVE-2021-41991 Integer Overflow or Wraparound vulnerability in multiple products
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries.
network
low complexity
strongswan debian CWE-190
5.0
2021-10-12 CVE-2021-42326 Information Exposure vulnerability in multiple products
Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.
network
low complexity
redmine debian CWE-200
5.0
2021-10-12 CVE-2021-25634 Improper Certificate Validation vulnerability in multiple products
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid.
network
low complexity
libreoffice debian CWE-295
5.0
2021-10-11 CVE-2021-25633 Improper Certificate Validation vulnerability in multiple products
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid.
network
low complexity
libreoffice debian CWE-295
5.0
2021-10-08 CVE-2021-41133 Improper Input Validation vulnerability in multiple products
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
local
low complexity
flatpak debian fedoraproject CWE-20
4.6
2021-09-29 CVE-2021-22946 Cleartext Transmission of Sensitive Information vulnerability in multiple products
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or `CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` with libcurl).
network
low complexity
haxx debian fedoraproject CWE-319
5.0
2021-09-29 CVE-2021-22947 Insufficient Verification of Data Authenticity vulnerability in multiple products
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches.
4.3
2021-09-20 CVE-2020-21913 Use After Free vulnerability in multiple products
International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp.
4.3
2021-09-19 CVE-2021-40690 Information Exposure vulnerability in multiple products
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element.
network
low complexity
apache debian CWE-200
5.0