Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-31 CVE-2021-4193 Out-of-bounds Read vulnerability in multiple products
vim is vulnerable to Out-of-bounds Read
local
low complexity
vim fedoraproject debian apple CWE-125
5.5
2021-12-28 CVE-2021-44832 Improper Input Validation vulnerability in multiple products
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server.
network
high complexity
apache oracle cisco fedoraproject debian CWE-20
6.6
2021-12-24 CVE-2021-45480 Memory Leak vulnerability in multiple products
An issue was discovered in the Linux kernel before 5.15.11.
local
low complexity
linux debian CWE-401
5.5
2021-12-23 CVE-2021-38009 Information Exposure Through Discrepancy vulnerability in multiple products
Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-203
6.5
2021-12-23 CVE-2021-38010 Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
network
low complexity
google fedoraproject debian
6.5
2021-12-23 CVE-2021-38018 Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
network
low complexity
google fedoraproject debian
6.5
2021-12-23 CVE-2021-38019 Always-Incorrect Control Flow Implementation vulnerability in multiple products
Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-670
6.5
2021-12-23 CVE-2021-38020 Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
network
low complexity
google fedoraproject debian
4.3
2021-12-23 CVE-2021-38021 Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google fedoraproject debian
6.5
2021-12-23 CVE-2021-38022 Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google fedoraproject debian
6.5