Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-11-09 CVE-2021-43173 Resource Exhaustion vulnerability in multiple products
In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive.
network
low complexity
nlnetlabs debian CWE-400
5.0
2021-11-09 CVE-2021-43174 Out-of-bounds Write vulnerability in multiple products
NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1 support the gzip transfer encoding when querying RRDP repositories.
network
low complexity
nlnetlabs debian CWE-787
5.0
2021-11-04 CVE-2021-43389 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the Linux kernel before 5.14.15.
local
low complexity
linux redhat debian oracle CWE-125
5.5
2021-11-03 CVE-2021-22960 HTTP Request Smuggling vulnerability in multiple products
The parse function in llhttp < 2.1.4 and < 6.0.6.
network
low complexity
llhttp oracle debian CWE-444
6.5
2021-11-03 CVE-2021-40985 Out-of-bounds Read vulnerability in multiple products
A stack-based buffer under-read in htmldoc before 1.9.12 allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.
local
low complexity
htmldoc-project debian CWE-125
5.5
2021-11-03 CVE-2021-38502 Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection.
network
mozilla debian
4.3
2021-11-02 CVE-2021-37981 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
6.8
2021-11-02 CVE-2021-37982 Use After Free vulnerability in multiple products
Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
6.8
2021-11-02 CVE-2021-37983 Use After Free vulnerability in multiple products
Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
6.8
2021-11-02 CVE-2021-37984 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
6.8