Vulnerabilities > Debian > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-08 | CVE-2021-38503 | Incorrect Authorization vulnerability in multiple products The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. | 10.0 |
2021-11-23 | CVE-2021-38002 | Use After Free vulnerability in multiple products Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2021-11-22 | CVE-2021-44143 | Out-of-bounds Write vulnerability in multiple products A flaw was found in mbsync in isync 1.4.0 through 1.4.3. | 9.8 |
2021-11-19 | CVE-2021-40391 | Improper Handling of Exceptional Conditions vulnerability in multiple products An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). | 9.8 |
2021-11-19 | CVE-2021-44026 | SQL Injection vulnerability in multiple products Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. | 9.8 |
2021-11-13 | CVE-2021-3918 | json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | 9.8 |
2021-11-11 | CVE-2021-3907 | Path Traversal vulnerability in multiple products OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. | 9.8 |
2021-11-05 | CVE-2021-35368 | OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname. | 9.8 |
2021-11-04 | CVE-2021-43400 | Use After Free vulnerability in multiple products An issue was discovered in gatt-database.c in BlueZ 5.61. | 9.1 |
2021-11-02 | CVE-2021-37981 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |