Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2021-09-16 CVE-2021-41079 Infinite Loop vulnerability in multiple products
Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets.
network
low complexity
apache debian netapp CWE-835
7.5
2021-09-15 CVE-2021-3796 Use After Free vulnerability in multiple products
vim is vulnerable to Use After Free
local
low complexity
vim fedoraproject debian netapp CWE-416
7.3
2021-09-15 CVE-2021-3778 Heap-based Buffer Overflow vulnerability in multiple products
vim is vulnerable to Heap-based Buffer Overflow
local
low complexity
vim fedoraproject debian netapp CWE-122
7.8
2021-09-14 CVE-2021-41072 Link Following vulnerability in multiple products
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153.
network
low complexity
squashfs-tools-project debian CWE-59
8.1
2021-09-08 CVE-2021-40346 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.
network
low complexity
haproxy debian fedoraproject CWE-190
7.5
2021-09-08 CVE-2021-21897 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0.
network
low complexity
ribbonsoft fedoraproject debian CWE-191
8.8
2021-09-08 CVE-2021-21996 An issue was discovered in SaltStack Salt before 3003.3.
network
high complexity
saltstack fedoraproject debian
7.5
2021-09-08 CVE-2021-28701 Race Condition vulnerability in multiple products
Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory.
local
high complexity
xen debian fedoraproject CWE-362
7.8
2021-09-07 CVE-2021-33286 Out-of-bounds Write vulnerability in multiple products
In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.
local
low complexity
tuxera debian CWE-787
7.8
2021-09-07 CVE-2021-33287 Out-of-bounds Write vulnerability in multiple products
In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application.
local
low complexity
tuxera debian fedoraproject CWE-787
7.8