Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2021-12-17 CVE-2021-4009 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14.
local
low complexity
x-org fedoraproject debian CWE-119
7.8
2021-12-17 CVE-2021-4010 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14.
local
low complexity
x-org fedoraproject debian CWE-119
7.8
2021-12-17 CVE-2021-4011 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14.
local
low complexity
x-org fedoraproject debian CWE-119
7.8
2021-12-15 CVE-2021-45078 Out-of-bounds Write vulnerability in multiple products
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write.
local
low complexity
gnu fedoraproject redhat debian netapp CWE-787
7.8
2021-12-13 CVE-2021-43818 Injection vulnerability in multiple products
lxml is a library for processing XML and HTML in the Python language.
network
low complexity
lxml fedoraproject debian netapp oracle CWE-74
7.1
2021-12-08 CVE-2021-38504 Use After Free vulnerability in multiple products
When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash.
network
low complexity
mozilla debian CWE-416
8.8
2021-12-08 CVE-2021-43537 Incorrect Type Conversion or Cast vulnerability in multiple products
An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash.
network
low complexity
mozilla debian CWE-704
8.8
2021-12-08 CVE-2021-43539 Use After Free vulnerability in multiple products
Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers.
network
low complexity
mozilla debian CWE-416
8.8
2021-12-08 CVE-2021-44420 In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. 7.3
2021-12-06 CVE-2021-4069 Use After Free vulnerability in multiple products
vim is vulnerable to Use After Free
local
low complexity
vim fedoraproject debian CWE-416
7.8