Debian Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-15	CVE-2021-45078	Out-of-bounds Write vulnerability in multiple products stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. local low complexity gnu fedoraproject redhat debian netapp CWE-787	7.8
2021-12-15	CVE-2021-0920	Use After Free vulnerability in multiple products In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. local high complexity google debian CWE-416	6.4
2021-12-15	CVE-2021-43113	Command Injection vulnerability in multiple products iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. network low complexity itextpdf debian CWE-77 critical	9.8
2021-12-14	CVE-2021-45046	It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. network high complexity apache intel cvat siemens debian sonicwall fedoraproject critical	9.0
2021-12-14	CVE-2021-44538	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. network low complexity matrix schildi cinny-project debian CWE-119 critical	9.8
2021-12-13	CVE-2021-43818	lxml is a library for processing XML and HTML in the Python language. network low complexity lxml fedoraproject debian netapp oracle	7.1
2021-12-10	CVE-2021-44228	Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. network low complexity apache siemens intel debian fedoraproject sonicwall netapp cisco snowsoftware bentley percussion apple critical	10.0
2021-12-09	CVE-2021-43797	Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. network low complexity netty quarkus netapp oracle debian	6.5
2021-12-08	CVE-2021-38503	Incorrect Authorization vulnerability in multiple products The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. network low complexity mozilla debian CWE-863 critical	10.0
2021-12-08	CVE-2021-38504	Use After Free vulnerability in multiple products When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. network low complexity mozilla debian CWE-416	8.8