Vulnerabilities > Debian > High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2021-04-28 | CVE-2021-31863 | Improper Input Validation vulnerability in multiple products | Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process. | network | low complexity | redmine, debian | CWE-20 | 7.5 |
| 2021-04-27 | CVE-2021-29472 | Composer is a dependency manager for PHP. | | network | low complexity | getcomposer, debian, fedoraproject | | 8.8 |
| 2021-04-27 | CVE-2019-25041 | Reachable Assertion vulnerability in multiple products | Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. | network | low complexity | nlnetlabs, debian | CWE-617 | 7.5 |
| 2021-04-27 | CVE-2019-25040 | Infinite Loop vulnerability in multiple products | Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. | network | low complexity | nlnetlabs, debian | CWE-835 | 7.5 |
| 2021-04-27 | CVE-2019-25037 | Reachable Assertion vulnerability in multiple products | Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. | network | low complexity | nlnetlabs, debian | CWE-617 | 7.5 |
| 2021-04-27 | CVE-2019-25036 | Reachable Assertion vulnerability in multiple products | Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. | network | low complexity | nlnetlabs, debian | CWE-617 | 7.5 |
| 2021-04-26 | CVE-2021-21204 | Use After Free vulnerability in multiple products | Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | network | low complexity | google, debian, fedoraproject | CWE-416 | 8.8 |
| 2021-04-26 | CVE-2021-21202 | Use After Free vulnerability in multiple products | Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | local | low complexity | google, debian, fedoraproject | CWE-416 | 8.6 |
| 2021-04-26 | CVE-2021-21203 | Use After Free vulnerability in multiple products | Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | network | low complexity | google, debian, fedoraproject | CWE-416 | 8.8 |
| 2021-04-26 | CVE-2021-21214 | Use After Free vulnerability in multiple products | Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. | network | low complexity | google, debian, fedoraproject | CWE-416 | 8.8 |