Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2021-11-19 CVE-2021-39925 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject debian CWE-120
7.5
7.5
2021-11-19 CVE-2021-39926 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject debian CWE-120
7.5
7.5
2021-11-19 CVE-2021-39929 Uncontrolled Recursion vulnerability in multiple products
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject debian CWE-674
7.5
7.5
2021-11-19 CVE-2021-3973 vim is vulnerable to Heap-based Buffer Overflow
local
low complexity
vim fedoraproject debian
7.8
7.8
2021-11-19 CVE-2021-3974 vim is vulnerable to Use After Free
local
low complexity
vim fedoraproject debian
7.8
7.8
2021-11-18 CVE-2021-39928 NULL Pointer Dereference vulnerability in multiple products
NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject debian CWE-476
7.5
7.5
2021-11-15 CVE-2021-43618 Integer Overflow or Wraparound vulnerability in multiple products
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
network
low complexity
gmplib debian netapp CWE-190
7.5
7.5
2021-11-11 CVE-2021-3908 Infinite Loop vulnerability in multiple products
OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.
network
low complexity
cloudflare debian CWE-835
7.5
7.5
2021-11-11 CVE-2021-3909 Resource Exhaustion vulnerability in multiple products
OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever.
network
low complexity
cloudflare debian CWE-400
7.5
7.5
2021-11-11 CVE-2021-3910 Improper Input Validation vulnerability in multiple products
OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\0) character).
network
low complexity
cloudflare debian CWE-20
7.5
7.5