Vulnerabilities > Debian > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-11 | CVE-2021-3908 | Infinite Loop vulnerability in multiple products OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end. | 7.5 |
| 2021-11-11 | CVE-2021-3909 | Resource Exhaustion vulnerability in multiple products OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. | 7.5 |
| 2021-11-11 | CVE-2021-3910 | Improper Input Validation vulnerability in multiple products OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\0) character). | 7.5 |
| 2021-11-09 | CVE-2021-43173 | Resource Exhaustion vulnerability in multiple products In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. | 7.5 |
| 2021-11-09 | CVE-2021-43174 | Out-of-bounds Write vulnerability in multiple products NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. | 7.5 |
| 2021-11-09 | CVE-2021-43114 | FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. | 7.5 |
| 2021-11-08 | CVE-2021-41771 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. | 7.5 |
| 2021-11-05 | CVE-2021-3927 | vim is vulnerable to Heap-based Buffer Overflow | 7.8 |
| 2021-11-05 | CVE-2021-3928 | vim is vulnerable to Use of Uninitialized Variable | 7.8 |
| 2021-11-03 | CVE-2021-37147 | Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. | 7.5 |