Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-09 | CVE-2021-43173 | Resource Exhaustion vulnerability in multiple products In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. | 5.0 |
| 2021-11-09 | CVE-2021-43174 | Out-of-bounds Write vulnerability in multiple products NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. | 5.0 |
| 2021-11-04 | CVE-2021-43389 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in the Linux kernel before 5.14.15. | 5.5 |
| 2021-11-03 | CVE-2021-22960 | HTTP Request Smuggling vulnerability in multiple products The parse function in llhttp < 2.1.4 and < 6.0.6. | 6.5 |
| 2021-11-03 | CVE-2021-40985 | Out-of-bounds Read vulnerability in multiple products A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp. | 5.5 |
| 2021-11-03 | CVE-2021-38502 | Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. | 4.3 |
| 2021-11-02 | CVE-2021-37981 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 6.8 |
| 2021-11-02 | CVE-2021-37982 | Use After Free vulnerability in multiple products Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.8 |
| 2021-11-02 | CVE-2021-37983 | Use After Free vulnerability in multiple products Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.8 |
| 2021-11-02 | CVE-2021-37984 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.8 |