Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2021-11-24 CVE-2021-28708 PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned.
local
low complexity
xen debian fedoraproject
8.8
2021-11-23 CVE-2021-37997 Use After Free vulnerability in multiple products
Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
8.8
2021-11-23 CVE-2021-37998 Use After Free vulnerability in multiple products
Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
8.8
2021-11-23 CVE-2021-38001 Type Confusion vulnerability in multiple products
Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-843
8.8
2021-11-23 CVE-2021-38003 Improper Handling of Exceptional Conditions vulnerability in multiple products
Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-755
8.8
2021-11-22 CVE-2021-3935 Improper Certificate Validation vulnerability in multiple products
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption.
network
high complexity
pgbouncer redhat fedoraproject debian CWE-295
8.1
2021-11-19 CVE-2021-21898 A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580.
network
low complexity
librecad debian fedoraproject
8.8
2021-11-19 CVE-2021-21899 A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580.
network
low complexity
librecad fedoraproject debian
8.8
2021-11-19 CVE-2021-21900 A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580.
network
low complexity
librecad debian fedoraproject
8.8
2021-11-19 CVE-2021-39921 NULL Pointer Dereference vulnerability in multiple products
NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject debian CWE-476
7.5