Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2021-08-16 CVE-2021-22940 Use After Free vulnerability in multiple products
Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
network
low complexity
nodejs oracle netapp siemens debian CWE-416
7.5
2021-08-12 CVE-2021-38291 Reachable Assertion vulnerability in multiple products
FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.
network
low complexity
ffmpeg debian CWE-617
7.5
2021-08-10 CVE-2020-21688 Use After Free vulnerability in multiple products
A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.
network
low complexity
ffmpeg debian CWE-416
8.8
2021-08-07 CVE-2021-38166 Integer Overflow or Wraparound vulnerability in multiple products
In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket.
local
low complexity
linux fedoraproject debian CWE-190
7.8
2021-08-07 CVE-2021-38160 Classic Buffer Overflow vulnerability in multiple products
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size.
local
low complexity
linux netapp debian redhat CWE-120
7.8
2021-08-05 CVE-2021-3580 A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext.
network
low complexity
nettle-project redhat debian netapp
7.5
2021-08-05 CVE-2021-3682 A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2.
network
high complexity
qemu redhat debian
8.5
2021-08-03 CVE-2021-30560 Use After Free vulnerability in multiple products
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google xmlsoft debian splunk CWE-416
8.8
2021-08-02 CVE-2021-33196 Improper Input Validation vulnerability in multiple products
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.
network
low complexity
golang debian CWE-20
7.5
2021-07-30 CVE-2021-31799 OS Command Injection vulnerability in multiple products
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.
local
high complexity
debian ruby-lang oracle CWE-78
7.0