Vulnerabilities > Debian > Debian Linux > Low

DATE CVE VULNERABILITY TITLE RISK
2021-08-08 CVE-2021-38199 fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.
low complexity
linux netapp debian
3.3
2021-08-08 CVE-2021-38198 arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault.
local
low complexity
linux debian
2.1
2021-08-05 CVE-2021-3655 Improper Input Validation vulnerability in multiple products
A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1.
local
low complexity
linux redhat debian CWE-20
3.3
2021-08-05 CVE-2021-22924 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.
3.7
2021-07-21 CVE-2021-2341 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).
network
high complexity
oracle debian fedoraproject
3.1
2021-06-22 CVE-2021-34428 Insufficient Session Expiration vulnerability in multiple products
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager.
3.5
2021-06-18 CVE-2020-18442 Infinite Loop vulnerability in multiple products
Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".
3.3
2021-06-15 CVE-2021-3595 Access of Uninitialized Pointer vulnerability in multiple products
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU.
3.8
2021-06-15 CVE-2021-3594 Access of Uninitialized Pointer vulnerability in multiple products
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU.
3.8
2021-06-15 CVE-2021-3593 Access of Uninitialized Pointer vulnerability in multiple products
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU.
3.8