Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-03-24 CVE-2021-43666 A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.
network
low complexity
arm debian
7.5
2022-03-23 CVE-2021-3618 Improper Certificate Validation vulnerability in multiple products
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates.
7.4
2022-03-23 CVE-2021-3748 Use After Free vulnerability in multiple products
A use-after-free vulnerability was found in the virtio-net device of QEMU.
7.5
2022-03-23 CVE-2021-4156 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality.
network
low complexity
libsndfile-project debian CWE-125
7.1
2022-03-23 CVE-2021-4197 Improper Authentication vulnerability in multiple products
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process.
local
low complexity
linux debian oracle broadcom netapp CWE-287
7.8
2022-03-23 CVE-2021-44040 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests.
network
low complexity
apache debian CWE-20
7.5
2022-03-23 CVE-2021-44759 Improper Authentication vulnerability in multiple products
Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack.
network
high complexity
apache debian CWE-287
8.1
2022-03-23 CVE-2022-27666 Out-of-bounds Write vulnerability in multiple products
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c.
7.8
2022-03-22 CVE-2022-24764 Stack-based Buffer Overflow vulnerability in multiple products
PJSIP is a free and open source multimedia communication library written in C.
network
low complexity
teluu debian CWE-121
7.5
2022-03-18 CVE-2022-1011 Use After Free vulnerability in multiple products
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write().
7.8