Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-12-20 CVE-2021-44790 Out-of-bounds Write vulnerability in multiple products
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts).
network
low complexity
apache fedoraproject debian tenable netapp oracle apple CWE-787
critical
9.8
2021-12-20 CVE-2021-44732 Double Free vulnerability in multiple products
Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.
network
low complexity
arm debian CWE-415
critical
9.8
2021-12-17 CVE-2021-23450 All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.
network
low complexity
linuxfoundation oracle debian
critical
9.8
2021-12-15 CVE-2021-43113 Command Injection vulnerability in multiple products
iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.
network
low complexity
itextpdf debian CWE-77
critical
9.8
2021-12-14 CVE-2021-45046 Expression Language Injection vulnerability in multiple products
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations.
network
high complexity
apache intel cvat siemens debian sonicwall fedoraproject CWE-917
critical
9.0
2021-12-14 CVE-2021-44538 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow.
network
low complexity
matrix schildi cinny-project debian CWE-119
critical
9.8
2021-12-10 CVE-2021-44228 Deserialization of Untrusted Data vulnerability in multiple products
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.
10.0
2021-12-08 CVE-2021-38503 Incorrect Authorization vulnerability in multiple products
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame.
network
low complexity
mozilla debian CWE-863
critical
10.0
2021-11-23 CVE-2021-38002 Use After Free vulnerability in multiple products
Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
critical
9.6
2021-11-22 CVE-2021-44143 Out-of-bounds Write vulnerability in multiple products
A flaw was found in mbsync in isync 1.4.0 through 1.4.3.
network
low complexity
isync-project debian fedoraproject CWE-787
critical
9.8