Vulnerabilities > Debian > Debian Linux > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-23 | CVE-2021-37999 | Cross-site Scripting vulnerability in multiple products. Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page. | 6.1 |
2021-11-23 | CVE-2021-38000 | Open Redirect vulnerability in multiple products. Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browse to a malicious URL via a crafted HTML page. | 6.1 |
2021-11-23 | CVE-2021-38004 | Exposure of Resource to Wrong Sphere vulnerability in multiple products. Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 4.3 |
2021-11-19 | CVE-2021-39923 | Excessive Iteration vulnerability in multiple products. Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file. | 5.0 |
2021-11-19 | CVE-2021-44025 | Cross-site Scripting vulnerability in multiple products. Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message. | 6.1 |
2021-11-17 | CVE-2021-43975 | Out-of-bounds Write vulnerability in multiple products. In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. | 6.7 |
2021-11-17 | CVE-2021-43976 | In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). | 4.6 |
2021-11-15 | CVE-2021-22959 | HTTP Request Smuggling vulnerability in multiple products. The parser in accepts requests with a space (SP) right after the header name before the colon. | 6.5 |
2021-11-12 | CVE-2021-41229 | Memory Leak vulnerability in multiple products. BlueZ is a Bluetooth protocol stack for Linux. | 6.5 |
2021-11-12 | CVE-2021-43331 | Cross-site Scripting vulnerability in multiple products. In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. | 6.1 |