Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-12-08 CVE-2021-38503 Incorrect Authorization vulnerability in multiple products
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame.
network
low complexity
mozilla debian CWE-863
critical
10.0
2021-11-23 CVE-2021-38002 Use After Free vulnerability in multiple products
Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
critical
9.6
2021-11-22 CVE-2021-44143 Out-of-bounds Write vulnerability in multiple products
A flaw was found in mbsync in isync 1.4.0 through 1.4.3.
network
low complexity
isync-project debian fedoraproject CWE-787
critical
9.8
2021-11-19 CVE-2021-40391 Improper Handling of Exceptional Conditions vulnerability in multiple products
An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260).
network
low complexity
gerbv-project debian fedoraproject CWE-755
critical
9.8
2021-11-19 CVE-2021-44026 SQL Injection vulnerability in multiple products
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
network
low complexity
roundcube fedoraproject debian CWE-89
critical
9.8
2021-11-13 CVE-2021-3918 json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
network
low complexity
json-schema-project debian
critical
9.8
2021-11-11 CVE-2021-3907 Path Traversal vulnerability in multiple products
OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex.
network
low complexity
cloudflare debian CWE-22
critical
9.8
2021-11-05 CVE-2021-35368 OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.
network
low complexity
owasp fedoraproject debian
critical
9.8
2021-11-04 CVE-2021-43400 Use After Free vulnerability in multiple products
An issue was discovered in gatt-database.c in BlueZ 5.61.
network
low complexity
bluez debian CWE-416
critical
9.1
2021-11-02 CVE-2021-37981 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian CWE-787
critical
9.6