Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2021-10-25 CVE-2021-21703 Out-of-bounds Write vulnerability in multiple products
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
local
high complexity
php debian fedoraproject netapp oracle CWE-787
7.0
2021-10-21 CVE-2021-42097 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
GNU Mailman before 2.1.35 may allow remote Privilege Escalation.
network
low complexity
gnu debian CWE-352
8.0
2021-10-20 CVE-2021-42771 Path Traversal vulnerability in multiple products
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.
local
low complexity
pocoo debian CWE-22
7.8
2021-10-19 CVE-2021-37136 Resource Exhaustion vulnerability in multiple products
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression).
network
low complexity
netty quarkus oracle netapp debian CWE-400
7.5
2021-10-19 CVE-2021-37137 Resource Exhaustion vulnerability in multiple products
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage.
network
low complexity
netty oracle quarkus netapp debian CWE-400
7.5
2021-10-19 CVE-2021-30846 Out-of-bounds Write vulnerability in multiple products
A memory corruption issue was addressed with improved memory handling.
local
low complexity
apple debian fedoraproject CWE-787
7.8
2021-10-19 CVE-2021-3872 vim is vulnerable to Heap-based Buffer Overflow
local
low complexity
vim fedoraproject debian
7.8
2021-10-18 CVE-2021-41990 Integer Overflow or Wraparound vulnerability in multiple products
The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature.
network
low complexity
strongswan debian fedoraproject siemens CWE-190
7.5
2021-10-18 CVE-2021-41991 Integer Overflow or Wraparound vulnerability in multiple products
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries.
network
low complexity
strongswan debian fedoraproject siemens CWE-190
7.5
2021-10-18 CVE-2021-38562 Information Exposure Through Discrepancy vulnerability in multiple products
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
network
low complexity
bestpractical fedoraproject debian CWE-203
7.5