Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-12-14 CVE-2021-44538 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow.
network
low complexity
matrix schildi cinny-project debian CWE-119
critical
9.8
2021-12-10 CVE-2021-44228 Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. 10.0
2021-12-08 CVE-2021-38503 Incorrect Authorization vulnerability in multiple products
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame.
network
low complexity
mozilla debian CWE-863
critical
10.0
2021-11-23 CVE-2021-38002 Use After Free vulnerability in multiple products
Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
critical
9.6
2021-11-22 CVE-2021-44143 Out-of-bounds Write vulnerability in multiple products
A flaw was found in mbsync in isync 1.4.0 through 1.4.3.
network
low complexity
isync-project debian fedoraproject CWE-787
critical
9.8
2021-11-19 CVE-2021-40391 Improper Handling of Exceptional Conditions vulnerability in multiple products
An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260).
network
low complexity
gerbv-project debian fedoraproject CWE-755
critical
9.8
2021-11-19 CVE-2021-44026 SQL Injection vulnerability in multiple products
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
network
low complexity
roundcube fedoraproject debian CWE-89
critical
9.8
2021-11-13 CVE-2021-3918 json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
network
low complexity
json-schema-project debian
critical
9.8
2021-11-11 CVE-2021-3907 Path Traversal vulnerability in multiple products
OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex.
network
low complexity
cloudflare debian CWE-22
critical
9.8
2021-11-05 CVE-2021-35368 OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.
network
low complexity
owasp fedoraproject debian
critical
9.8