Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2021-11-11 CVE-2021-3908 Infinite Loop vulnerability in multiple products
OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.
network
low complexity
cloudflare debian CWE-835
7.5
2021-11-11 CVE-2021-3909 Resource Exhaustion vulnerability in multiple products
OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever.
network
low complexity
cloudflare debian CWE-400
7.5
2021-11-11 CVE-2021-3910 Improper Input Validation vulnerability in multiple products
OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\0) character).
network
low complexity
cloudflare debian CWE-20
7.5
2021-11-09 CVE-2021-43173 Resource Exhaustion vulnerability in multiple products
In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive.
network
low complexity
nlnetlabs debian CWE-400
7.5
2021-11-09 CVE-2021-43174 Out-of-bounds Write vulnerability in multiple products
NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories.
network
low complexity
nlnetlabs debian CWE-787
7.5
2021-11-09 CVE-2021-43114 FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate.
network
low complexity
fort-validator-project debian
7.5
2021-11-08 CVE-2021-41771 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
network
low complexity
golang fedoraproject debian CWE-119
7.5
2021-11-05 CVE-2021-3927 vim is vulnerable to Heap-based Buffer Overflow
local
low complexity
vim fedoraproject debian
7.8
2021-11-05 CVE-2021-3928 vim is vulnerable to Use of Uninitialized Variable
local
low complexity
vim fedoraproject debian
7.8
2021-11-03 CVE-2021-37147 Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.
network
low complexity
apache debian
7.5