Vulnerabilities > Debian > Debian Linux
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-15 | CVE-2021-22959 | HTTP Request Smuggling vulnerability in multiple products. The parser in accepts requests with a space (SP) right after the header name before the colon. | 6.5 |
2021-11-15 | CVE-2021-43618 | Integer Overflow or Wraparound vulnerability in multiple products. GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms. | 7.5 |
2021-11-13 | CVE-2021-3918 | json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | 9.8 |
2021-11-12 | CVE-2021-41229 | Memory Leak vulnerability in multiple products. BlueZ is a Bluetooth protocol stack for Linux. | 6.5 |
2021-11-12 | CVE-2021-43331 | Cross-site Scripting vulnerability in multiple products. In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. | 6.1 |
2021-11-12 | CVE-2021-43332 | Insufficiently Protected Credentials vulnerability in multiple products. In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. | 6.5 |
2021-11-11 | CVE-2021-3907 | Path Traversal vulnerability in multiple products. OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. | 9.8 |
2021-11-11 | CVE-2021-3908 | Infinite Loop vulnerability in multiple products. OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end. | 7.5 |
2021-11-11 | CVE-2021-3909 | Resource Exhaustion vulnerability in multiple products. OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. | 7.5 |
2021-11-11 | CVE-2021-3910 | Improper Input Validation vulnerability in multiple products. OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\0) character). | 7.5 |