Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-11-02 CVE-2021-37995 Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
network
google debian
4.3
2021-11-02 CVE-2021-37996 Improper Input Validation vulnerability in multiple products
Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file.
network
google debian CWE-20
4.3
2021-10-27 CVE-2021-25219 In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance.
network
low complexity
isc debian fedoraproject netapp siemens oracle
5.3
2021-10-26 CVE-2021-41182 Cross-site Scripting vulnerability in multiple products
jQuery-UI is the official jQuery user interface library.
6.1
2021-10-26 CVE-2021-41183 Cross-site Scripting vulnerability in multiple products
jQuery-UI is the official jQuery user interface library.
6.1
2021-10-21 CVE-2021-42715 Infinite Loop vulnerability in multiple products
An issue was discovered in stb stb_image.h 1.33 through 2.27.
local
low complexity
nothings fedoraproject debian CWE-835
5.5
2021-10-21 CVE-2021-42096 Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products
GNU Mailman before 2.1.35 may allow remote Privilege Escalation.
network
low complexity
gnu debian CWE-307
4.3
2021-10-20 CVE-2021-42762 BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace.
local
low complexity
webkitgtk wpewebkit fedoraproject debian
5.3
2021-10-20 CVE-2021-35550 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).
network
high complexity
oracle netapp fedoraproject debian
5.9
2021-10-20 CVE-2021-35556 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing).
network
low complexity
oracle netapp debian fedoraproject
5.3