Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-11-19 CVE-2021-40391 Improper Handling of Exceptional Conditions vulnerability in multiple products
An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260).
network
low complexity
gerbv-project debian fedoraproject CWE-755
critical
 9.8
9.8
2021-11-19 CVE-2021-44026 SQL Injection vulnerability in multiple products
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
network
low complexity
roundcube fedoraproject debian CWE-89
critical
 9.8
9.8
2021-11-13 CVE-2021-3918 json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
network
low complexity
json-schema-project debian
critical
 9.8
9.8
2021-11-11 CVE-2021-3907 Path Traversal vulnerability in multiple products
OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex.
network
low complexity
cloudflare debian CWE-22
critical
 9.8
9.8
2021-11-05 CVE-2021-35368 OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.
network
low complexity
owasp fedoraproject debian
critical
 9.8
9.8
2021-11-04 CVE-2021-43400 Use After Free vulnerability in multiple products
An issue was discovered in gatt-database.c in BlueZ 5.61.
network
low complexity
bluez debian CWE-416
critical
 9.1
9.1
2021-11-02 CVE-2021-37981 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian CWE-787
critical
 9.6
9.6
2021-10-08 CVE-2021-37973 Use After Free vulnerability in multiple products
Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
critical
 9.6
9.6
2021-10-07 CVE-2021-22930 Use After Free vulnerability in multiple products
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
network
low complexity
nodejs netapp siemens debian CWE-416
critical
 9.8
9.8
2021-09-23 CVE-2021-22945 Double Free vulnerability in multiple products
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
network
low complexity
haxx fedoraproject netapp oracle apple siemens debian splunk CWE-415
critical
 9.1
9.1