Debian Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2021-10-20	CVE-2021-42739	Out-of-bounds Write vulnerability in multiple products The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. local low complexity linux fedoraproject debian starwindsoftware oracle CWE-787	6.7
2021-10-19	CVE-2021-37136	Resource Exhaustion vulnerability in multiple products The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). network low complexity netty quarkus oracle netapp debian CWE-400	7.5
2021-10-19	CVE-2021-37137	Resource Exhaustion vulnerability in multiple products The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. network low complexity netty oracle quarkus netapp debian CWE-400	7.5
2021-10-19	CVE-2021-30846	Out-of-bounds Write vulnerability in multiple products A memory corruption issue was addressed with improved memory handling. local low complexity apple debian fedoraproject CWE-787	7.8
2021-10-19	CVE-2021-3872	vim is vulnerable to Heap-based Buffer Overflow local low complexity vim fedoraproject debian	7.8
2021-10-18	CVE-2021-41990	Integer Overflow or Wraparound vulnerability in multiple products The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. network low complexity strongswan debian fedoraproject siemens CWE-190	7.5
2021-10-18	CVE-2021-41991	Integer Overflow or Wraparound vulnerability in multiple products The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. network low complexity strongswan debian fedoraproject siemens CWE-190	7.5
2021-10-18	CVE-2021-38562	Information Exposure Through Discrepancy vulnerability in multiple products Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm. network low complexity bestpractical fedoraproject debian CWE-203	7.5
2021-10-15	CVE-2021-28021	Out-of-bounds Write vulnerability in multiple products Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. local low complexity stb-project fedoraproject debian CWE-787	7.8
2021-10-14	CVE-2021-42340	Missing Release of Resource after Effective Lifetime vulnerability in multiple products The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. network low complexity apache netapp debian oracle CWE-772	7.5