Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-11-11 CVE-2021-3907 Path Traversal vulnerability in multiple products
OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex.
network
low complexity
cloudflare debian CWE-22
critical
 9.8
9.8
2021-11-05 CVE-2021-35368 OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.
network
low complexity
owasp fedoraproject debian
critical
 9.8
9.8
2021-11-04 CVE-2021-43400 Use After Free vulnerability in multiple products
An issue was discovered in gatt-database.c in BlueZ 5.61.
network
low complexity
bluez debian CWE-416
critical
 9.1
9.1
2021-10-08 CVE-2021-37973 Use After Free vulnerability in multiple products
Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
critical
 9.6
9.6
2021-10-07 CVE-2021-22930 Use After Free vulnerability in multiple products
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
network
low complexity
nodejs netapp siemens debian CWE-416
critical
 9.8
9.8
2021-09-23 CVE-2021-22945 Double Free vulnerability in multiple products
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
network
low complexity
haxx fedoraproject netapp oracle apple siemens debian splunk CWE-415
critical
 9.1
9.1
2021-09-16 CVE-2021-40438 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.
network
high complexity
apache fedoraproject debian netapp f5 oracle siemens CWE-918
critical
 9.0
9.0
2021-09-16 CVE-2021-39275 Out-of-bounds Write vulnerability in multiple products
ap_escape_quotes() may write beyond the end of a buffer when given malicious input.
network
low complexity
apache fedoraproject debian netapp oracle siemens CWE-787
critical
 9.8
9.8
2021-08-24 CVE-2021-3711 Classic Buffer Overflow vulnerability in multiple products
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt().
network
low complexity
openssl debian netapp oracle tenable CWE-120
critical
 9.8
9.8
2021-08-21 CVE-2021-38171 Unchecked Return Value vulnerability in multiple products
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.
network
low complexity
ffmpeg debian CWE-252
critical
 9.8
9.8