Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-08-24 CVE-2021-3711 Classic Buffer Overflow vulnerability in multiple products
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt().
network
low complexity
openssl debian netapp oracle tenable CWE-120
critical
 9.8
9.8
2021-08-21 CVE-2021-38171 Unchecked Return Value vulnerability in multiple products
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.
network
low complexity
ffmpeg debian CWE-252
critical
 9.8
9.8
2021-08-07 CVE-2021-38173 Command Injection vulnerability in multiple products
Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys.
network
low complexity
digint debian fedoraproject CWE-77
critical
 9.8
9.8
2021-07-22 CVE-2021-35942 Integer Overflow or Wraparound vulnerability in multiple products
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information.
network
low complexity
gnu netapp debian CWE-190
critical
 9.1
9.1
2021-07-13 CVE-2021-34552 Classic Buffer Overflow vulnerability in multiple products
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
network
low complexity
python debian fedoraproject CWE-120
critical
 9.8
9.8
2021-06-10 CVE-2021-26691 Out-of-bounds Write vulnerability in multiple products
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
network
low complexity
apache debian fedoraproject oracle netapp CWE-787
critical
 9.8
9.8
2021-05-27 CVE-2020-15180 Command Injection vulnerability in multiple products
A flaw was found in the mysql-wsrep component of mariadb.
network
high complexity
mariadb debian percona galeracluster CWE-77
critical
 9.0
9.0
2021-05-25 CVE-2021-33574 Use After Free vulnerability in multiple products
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free.
network
low complexity
gnu fedoraproject netapp debian CWE-416
critical
 9.8
9.8
2021-05-21 CVE-2020-36328 Out-of-bounds Write vulnerability in multiple products
A flaw was found in libwebp in versions before 1.0.1.
network
low complexity
webmproject redhat netapp debian apple CWE-787
critical
 9.8
9.8
2021-05-21 CVE-2020-36329 Use After Free vulnerability in multiple products
A flaw was found in libwebp in versions before 1.0.1.
network
low complexity
webmproject redhat netapp debian apple CWE-416
critical
 9.8
9.8