Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2021-11-03 CVE-2021-37148 Improper Input Validation vulnerability in multiple products
Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.
network
low complexity
apache debian CWE-20
7.5
7.5
2021-11-03 CVE-2021-37149 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.
network
low complexity
apache debian CWE-20
7.5
7.5
2021-11-03 CVE-2021-38161 Improper Authentication vulnerability in multiple products
Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks.
network
high complexity
apache debian CWE-287
8.1
8.1
2021-11-03 CVE-2021-38496 Use After Free vulnerability in multiple products
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash.
network
low complexity
mozilla debian CWE-416
8.8
8.8
2021-11-03 CVE-2021-38500 Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1.
network
low complexity
mozilla debian
8.8
8.8
2021-11-02 CVE-2021-37982 Use After Free vulnerability in multiple products
Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian CWE-416
8.8
8.8
2021-11-02 CVE-2021-37983 Use After Free vulnerability in multiple products
Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian CWE-416
8.8
8.8
2021-11-02 CVE-2021-37984 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian CWE-787
8.8
8.8
2021-11-02 CVE-2021-37985 Use After Free vulnerability in multiple products
Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian CWE-416
8.8
8.8
2021-11-02 CVE-2021-37986 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian CWE-787
8.8
8.8