Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2021-12-02 CVE-2021-44227 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.
network
low complexity
gnu debian CWE-352
8.8
2021-12-01 CVE-2021-3984 Heap-based Buffer Overflow vulnerability in multiple products
vim is vulnerable to Heap-based Buffer Overflow
local
low complexity
vim fedoraproject debian CWE-122
7.8
2021-12-01 CVE-2021-4019 Heap-based Buffer Overflow vulnerability in multiple products
vim is vulnerable to Heap-based Buffer Overflow
local
low complexity
vim fedoraproject debian CWE-122
7.8
2021-11-29 CVE-2019-8922 Out-of-bounds Write vulnerability in multiple products
A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48.
low complexity
bluez debian CWE-787
8.8
2021-11-24 CVE-2021-28705 Improper Handling of Exceptional Conditions vulnerability in multiple products
issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned.
local
low complexity
xen fedoraproject debian CWE-755
7.8
2021-11-24 CVE-2021-28709 Improper Handling of Exceptional Conditions vulnerability in multiple products
issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned.
local
low complexity
xen fedoraproject debian CWE-755
7.8
2021-11-24 CVE-2021-28704 PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned.
local
low complexity
xen fedoraproject debian
8.8
2021-11-24 CVE-2021-28706 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit.
network
low complexity
xen fedoraproject debian CWE-770
8.6
2021-11-24 CVE-2021-28707 PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned.
local
low complexity
xen debian fedoraproject
8.8
2021-11-24 CVE-2021-28708 PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned.
local
low complexity
xen debian fedoraproject
8.8