Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2021-04-21 CVE-2021-1076 NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption.
local
low complexity
nvidia debian
7.8
2021-04-19 CVE-2021-3506 An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4.
local
low complexity
linux debian netapp
7.1
2021-04-19 CVE-2021-3498 Out-of-bounds Write vulnerability in multiple products
GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.
local
low complexity
gstreamer-project redhat debian CWE-787
7.8
2021-04-19 CVE-2021-3497 Use After Free vulnerability in multiple products
GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.
local
low complexity
gstreamer-project redhat debian CWE-416
7.8
2021-04-19 CVE-2021-29457 Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
local
low complexity
exiv2 fedoraproject debian
7.8
2021-04-15 CVE-2021-20288 Improper Authentication vulnerability in multiple products
An authentication flaw was found in ceph in versions before 14.2.20.
7.2
2021-04-08 CVE-2021-29154 Command Injection vulnerability in multiple products
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context.
local
low complexity
linux fedoraproject debian netapp CWE-77
7.8
2021-04-08 CVE-2021-1405 Missing Initialization of Resource vulnerability in multiple products
A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.
network
low complexity
clamav debian CWE-909
7.5
2021-04-06 CVE-2021-30130 Improper Verification of Cryptographic Signature vulnerability in multiple products
phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.
network
low complexity
phpseclib debian CWE-347
7.5
2021-04-06 CVE-2021-30163 Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.
network
low complexity
redmine debian
7.5