Vulnerabilities > Debian > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-07 | CVE-2021-38166 | Integer Overflow or Wraparound vulnerability in multiple products In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. | 7.8 |
2021-08-07 | CVE-2021-38160 | Classic Buffer Overflow vulnerability in multiple products In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. | 7.8 |
2021-08-05 | CVE-2021-3580 | Improper Input Validation vulnerability in multiple products A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. | 7.5 |
2021-08-05 | CVE-2021-3682 | Release of Invalid Pointer or Reference vulnerability in multiple products A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. | 8.5 |
2021-08-03 | CVE-2021-30560 | Use After Free vulnerability in multiple products Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-08-02 | CVE-2021-33196 | Improper Input Validation vulnerability in multiple products In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. | 7.5 |
2021-07-30 | CVE-2021-31799 | OS Command Injection vulnerability in multiple products In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. | 7.0 |
2021-07-30 | CVE-2021-32610 | Link Following vulnerability in multiple products In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193. | 7.1 |
2021-07-26 | CVE-2021-31292 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata. | 7.5 |
2021-07-22 | CVE-2021-32785 | Use of Externally-Controlled Format String vulnerability in multiple products mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. | 7.5 |