Vulnerabilities > Debian > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-10-15 | CVE-2021-28021 | Out-of-bounds Write vulnerability in multiple products | Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. | local | low | stb-project, fedoraproject, debian | CWE-787 | 7.8 |
| 2021-10-14 | CVE-2021-42340 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products | The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. | network | low | apache, netapp, debian, oracle | CWE-772 | 7.5 |
| 2021-10-12 | CVE-2021-25634 | Improper Certificate Validation vulnerability in multiple products | LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. | network | low | libreoffice, debian | CWE-295 | 7.5 |
| 2021-10-11 | CVE-2021-42260 | Infinite Loop vulnerability in multiple products | TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. | network | low | tinyxml-project, debian | CWE-835 | 7.5 |
| 2021-10-11 | CVE-2021-25633 | Improper Certificate Validation vulnerability in multiple products | LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. | network | low | libreoffice, debian | CWE-295 | 7.5 |
| 2021-10-08 | CVE-2021-37956 | Use After Free vulnerability in multiple products | Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | network | low | google, fedoraproject, debian | CWE-416 | 8.8 |
| 2021-10-08 | CVE-2021-37957 | Use After Free vulnerability in multiple products | Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | network | low | google, fedoraproject, debian | CWE-416 | 8.8 |
| 2021-10-08 | CVE-2021-37959 | Use After Free vulnerability in multiple products | Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to engage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page. | network | low | google, fedoraproject, debian | CWE-416 | 8.8 |
| 2021-10-08 | CVE-2021-37961 | Use After Free vulnerability in multiple products | Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | network | low | google, fedoraproject, debian | CWE-416 | 8.8 |
| 2021-10-08 | CVE-2021-37962 | Use After Free vulnerability in multiple products | Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | network | low | google, fedoraproject, debian | CWE-416 | 8.8 |