Debian Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-22	CVE-2021-40393	Out-of-bounds Write vulnerability in multiple products An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). network low complexity gerbv-project debian CWE-787 critical	9.8
2021-12-22	CVE-2021-40394	Out-of-bounds Write vulnerability in multiple products An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). network low complexity gerbv-project debian CWE-787 critical	9.8
2021-12-22	CVE-2021-37706	PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. network low complexity teluu asterisk sangoma debian critical	9.8
2021-12-22	CVE-2021-43804	PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. network low complexity teluu debian	7.3
2021-12-22	CVE-2021-44733	Race Condition vulnerability in multiple products A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. local high complexity linux redhat fedoraproject debian netapp CWE-362	7.0
2021-12-20	CVE-2021-44224	NULL Pointer Dereference vulnerability in multiple products A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). network low complexity apache fedoraproject debian tenable oracle apple CWE-476	8.2
2021-12-20	CVE-2021-44790	A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). network low complexity apache fedoraproject debian tenable netapp oracle apple critical	9.8
2021-12-20	CVE-2021-44732	Double Free vulnerability in multiple products Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. network low complexity arm debian CWE-415 critical	9.8
2021-12-18	CVE-2021-45105	Uncontrolled Recursion vulnerability in multiple products Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. network high complexity apache netapp debian sonicwall oracle CWE-674	5.9
2021-12-17	CVE-2021-23450	All versions of package dojo are vulnerable to Prototype Pollution via the setObject function. network low complexity linuxfoundation oracle debian critical	9.8