Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-07 CVE-2021-42717 Uncontrolled Recursion vulnerability in multiple products
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects.
network
low complexity
trustwave f5 debian oracle CWE-674
5.0
2021-12-06 CVE-2021-43784 Integer Overflow or Wraparound vulnerability in multiple products
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification.
network
high complexity
linuxfoundation debian CWE-190
5.0
2021-11-29 CVE-2019-8921 Insufficient Verification of Data Authenticity vulnerability in multiple products
An issue was discovered in bluetoothd in BlueZ through 5.48.
low complexity
bluez debian CWE-345
6.5
2021-11-29 CVE-2021-21707 In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them.
network
low complexity
php netapp debian tenable
5.3
2021-11-23 CVE-2021-37999 Cross-site Scripting vulnerability in multiple products
Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-79
6.1
2021-11-23 CVE-2021-38000 Open Redirect vulnerability in multiple products
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-601
6.1
2021-11-23 CVE-2021-38004 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
4.3
2021-11-19 CVE-2021-39923 Excessive Iteration vulnerability in multiple products
Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark debian CWE-834
5.0
2021-11-19 CVE-2021-44025 Cross-site Scripting vulnerability in multiple products
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message.
network
low complexity
roundcube fedoraproject debian CWE-79
6.1
2021-11-17 CVE-2021-43975 Out-of-bounds Write vulnerability in multiple products
In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.
local
low complexity
linux fedoraproject debian netapp CWE-787
6.7