Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2021-11-09 CVE-2021-43173 Resource Exhaustion vulnerability in multiple products
In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive.
network
low complexity
nlnetlabs debian CWE-400
7.5
2021-11-09 CVE-2021-43174 Out-of-bounds Write vulnerability in multiple products
NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories.
network
low complexity
nlnetlabs debian CWE-787
7.5
2021-11-09 CVE-2021-43114 FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate.
network
low complexity
fort-validator-project debian
7.5
2021-11-08 CVE-2021-41771 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
network
low complexity
golang fedoraproject debian CWE-119
7.5
2021-11-05 CVE-2021-3927 vim is vulnerable to Heap-based Buffer Overflow
local
low complexity
vim fedoraproject debian
7.8
2021-11-05 CVE-2021-3928 vim is vulnerable to Use of Uninitialized Variable
local
low complexity
vim fedoraproject debian
7.8
2021-11-03 CVE-2021-37147 Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.
network
low complexity
apache debian
7.5
2021-11-03 CVE-2021-37148 Improper Input Validation vulnerability in multiple products
Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.
network
low complexity
apache debian CWE-20
7.5
2021-11-03 CVE-2021-37149 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.
network
low complexity
apache debian CWE-20
7.5
2021-11-03 CVE-2021-38161 Improper Authentication vulnerability in multiple products
Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks.
network
high complexity
apache debian CWE-287
8.1