Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2021-11-02 CVE-2021-37979 Out-of-bounds Write vulnerability in multiple products
heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-787
8.8
2021-11-02 CVE-2021-37980 Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows.
network
low complexity
google fedoraproject debian
7.4
2021-10-27 CVE-2021-3903 Heap-based Buffer Overflow vulnerability in multiple products
vim is vulnerable to Heap-based Buffer Overflow
local
low complexity
vim fedoraproject debian CWE-122
7.8
2021-10-25 CVE-2021-21703 Out-of-bounds Write vulnerability in multiple products
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
local
high complexity
php debian fedoraproject netapp oracle CWE-787
7.0
2021-10-21 CVE-2021-42097 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
GNU Mailman before 2.1.35 may allow remote Privilege Escalation.
network
low complexity
gnu debian CWE-352
8.0
2021-10-20 CVE-2021-42771 Path Traversal vulnerability in multiple products
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.
local
low complexity
pocoo debian CWE-22
7.2
2021-10-19 CVE-2021-37136 Resource Exhaustion vulnerability in multiple products
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression).
network
low complexity
netty quarkus oracle netapp debian CWE-400
7.5
2021-10-19 CVE-2021-37137 Resource Exhaustion vulnerability in multiple products
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage.
network
low complexity
netty oracle quarkus netapp debian CWE-400
7.5
2021-10-19 CVE-2021-30846 Out-of-bounds Write vulnerability in multiple products
A memory corruption issue was addressed with improved memory handling.
local
low complexity
apple debian fedoraproject CWE-787
7.8
2021-10-19 CVE-2021-3872 Heap-based Buffer Overflow vulnerability in multiple products
vim is vulnerable to Heap-based Buffer Overflow
local
low complexity
vim fedoraproject debian CWE-122
7.8