Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2021-08-31 CVE-2021-40330 git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.
network
low complexity
git-scm debian
7.5
2021-08-30 CVE-2020-35633 Improper Validation of Array Index vulnerability in multiple products
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1.
network
low complexity
cgal debian CWE-129
8.8
2021-08-30 CVE-2020-35634 Improper Validation of Array Index vulnerability in multiple products
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1.
network
low complexity
cgal debian CWE-129
8.8
2021-08-30 CVE-2020-35635 Improper Validation of Array Index vulnerability in multiple products
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB read.
network
low complexity
cgal debian CWE-129
8.8
2021-08-27 CVE-2021-28697 Race Condition vulnerability in multiple products
Grant table v2 status pages may remain accessible after de-allocation. Guests get permitted access to certain Xen-owned pages of memory.
local
low complexity
xen fedoraproject debian CWE-362
7.8
2021-08-27 CVE-2021-23434 Type Confusion vulnerability in multiple products
This affects the package object-path before 0.11.6.
network
low complexity
object-path-project debian CWE-843
8.6
2021-08-27 CVE-2021-40153 Path Traversal vulnerability in multiple products
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash.
8.1
2021-08-25 CVE-2021-3713 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0.
low complexity
qemu debian CWE-787
7.4
2021-08-24 CVE-2021-30934 Classic Buffer Overflow vulnerability in multiple products
A buffer overflow issue was addressed with improved memory handling.
network
low complexity
apple fedoraproject debian CWE-120
8.8
2021-08-24 CVE-2021-30936 Use After Free vulnerability in multiple products
A use after free issue was addressed with improved memory management.
network
low complexity
apple fedoraproject debian CWE-416
8.8