Vulnerabilities > Debian > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-25 | CVE-2021-21703 | Out-of-bounds Write vulnerability in multiple products In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user. | 7.0 |
2021-10-21 | CVE-2021-42097 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products GNU Mailman before 2.1.35 may allow remote Privilege Escalation. | 8.0 |
2021-10-20 | CVE-2021-42771 | Path Traversal vulnerability in multiple products Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution. | 7.8 |
2021-10-19 | CVE-2021-37136 | Resource Exhaustion vulnerability in multiple products The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). | 7.5 |
2021-10-19 | CVE-2021-37137 | Resource Exhaustion vulnerability in multiple products The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. | 7.5 |
2021-10-19 | CVE-2021-30846 | Out-of-bounds Write vulnerability in multiple products A memory corruption issue was addressed with improved memory handling. | 7.8 |
2021-10-19 | CVE-2021-3872 | vim is vulnerable to Heap-based Buffer Overflow | 7.8 |
2021-10-18 | CVE-2021-41990 | Integer Overflow or Wraparound vulnerability in multiple products The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. | 7.5 |
2021-10-18 | CVE-2021-41991 | Integer Overflow or Wraparound vulnerability in multiple products The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. | 7.5 |
2021-10-18 | CVE-2021-38562 | Information Exposure Through Discrepancy vulnerability in multiple products Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm. | 7.5 |