Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2021-08-07 CVE-2021-38166 Integer Overflow or Wraparound vulnerability in multiple products
In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket.
local
low complexity
linux fedoraproject debian CWE-190
7.8
2021-08-07 CVE-2021-38160 Classic Buffer Overflow vulnerability in multiple products
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size.
local
low complexity
linux netapp debian redhat CWE-120
7.8
2021-08-05 CVE-2021-3580 Improper Input Validation vulnerability in multiple products
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext.
network
low complexity
nettle-project redhat debian netapp CWE-20
7.5
2021-08-05 CVE-2021-3682 Release of Invalid Pointer or Reference vulnerability in multiple products
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2.
network
high complexity
qemu redhat debian CWE-763
8.5
2021-08-03 CVE-2021-30560 Use After Free vulnerability in multiple products
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google xmlsoft debian splunk CWE-416
8.8
2021-08-02 CVE-2021-33196 Improper Input Validation vulnerability in multiple products
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.
network
low complexity
golang debian CWE-20
7.5
2021-07-30 CVE-2021-31799 OS Command Injection vulnerability in multiple products
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.
local
high complexity
debian ruby-lang oracle CWE-78
7.0
2021-07-30 CVE-2021-32610 Link Following vulnerability in multiple products
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
local
low complexity
php debian fedoraproject CWE-59
7.1
2021-07-26 CVE-2021-31292 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata.
network
low complexity
exiv2 debian fedoraproject CWE-190
7.5
2021-07-22 CVE-2021-32785 Use of Externally-Controlled Format String vulnerability in multiple products
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider.
network
low complexity
openidc netapp debian CWE-134
7.5