Vulnerabilities > Debian > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-18 | CVE-2021-41990 | Integer Overflow or Wraparound vulnerability in multiple products The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. | 7.5 |
2021-10-18 | CVE-2021-41991 | Integer Overflow or Wraparound vulnerability in multiple products The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. | 7.5 |
2021-10-18 | CVE-2021-38562 | Information Exposure Through Discrepancy vulnerability in multiple products Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm. | 7.5 |
2021-10-15 | CVE-2021-28021 | Out-of-bounds Write vulnerability in multiple products Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. | 7.8 |
2021-10-14 | CVE-2021-42340 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. | 7.5 |
2021-10-11 | CVE-2021-42260 | Infinite Loop vulnerability in multiple products TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. | 7.5 |
2021-10-08 | CVE-2021-37956 | Use After Free vulnerability in multiple products Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-10-08 | CVE-2021-37957 | Use After Free vulnerability in multiple products Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-10-08 | CVE-2021-37959 | Use After Free vulnerability in multiple products Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-10-08 | CVE-2021-37961 | Use After Free vulnerability in multiple products Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |