Vulnerabilities > Debian > Debian Linux

DATE CVE VULNERABILITY TITLE RISK
2021-08-05 CVE-2021-3566 Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it.
local
low complexity
ffmpeg debian
5.5
5.5
2021-08-05 CVE-2021-3580 A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext.
network
low complexity
nettle-project redhat debian netapp
7.5
7.5
2021-08-05 CVE-2021-3655 Improper Input Validation vulnerability in multiple products
A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1.
local
low complexity
linux redhat debian CWE-20
3.3
3.3
2021-08-05 CVE-2021-3679 Infinite Loop vulnerability in multiple products
A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way.
local
low complexity
linux redhat debian CWE-835
5.5
5.5
2021-08-05 CVE-2021-3682 A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2.
network
high complexity
qemu redhat debian
8.5
8.5
2021-08-04 CVE-2021-38114 Unchecked Return Value vulnerability in multiple products
libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.
local
low complexity
ffmpeg debian CWE-252
5.5
5.5
2021-08-03 CVE-2021-30560 Use After Free vulnerability in multiple products
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google xmlsoft debian splunk CWE-416
8.8
8.8
2021-08-02 CVE-2021-33196 Improper Input Validation vulnerability in multiple products
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.
network
low complexity
golang debian CWE-20
7.5
7.5
2021-08-02 CVE-2021-34556 Information Exposure Through Discrepancy vulnerability in multiple products
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.
local
low complexity
linux fedoraproject debian CWE-203
5.5
5.5
2021-08-02 CVE-2021-35477 Information Exposure Through Discrepancy vulnerability in multiple products
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.
local
low complexity
linux debian fedoraproject CWE-203
5.5
5.5