Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Filtered by product Debian Linux
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-21148 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-05-17 6.8 MEDIUM 8.8 HIGH
Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2007-4476 3 Canonical, Debian, Gnu 3 Ubuntu Linux, Debian Linux, Tar 2021-05-17 7.5 HIGH N/A
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
CVE-2020-18032 2 Debian, Graphviz 2 Debian Linux, Graphviz 2021-05-17 6.8 MEDIUM 7.8 HIGH
Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.
CVE-2021-28374 1 Debian 2 Courier-authlib, Debian Linux 2021-05-17 5.0 MEDIUM 7.5 HIGH
The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's existence, uid and gids, home and/or Maildir directory, quota, and some type of password information (such as a hash).
CVE-2021-21409 2 Debian, Netty 2 Debian Linux, Netty 2021-05-17 5.0 MEDIUM 5.9 MEDIUM
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.
CVE-2021-22204 2 Debian, Exiftool Project 2 Debian Linux, Exiftool 2021-05-16 6.8 MEDIUM 7.8 HIGH
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
CVE-2021-21202 2 Debian, Google 2 Debian Linux, Chrome 2021-05-14 6.8 MEDIUM 8.6 HIGH
Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
CVE-2021-21219 2 Debian, Google 2 Debian Linux, Chrome 2021-05-14 4.3 MEDIUM 5.5 MEDIUM
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
CVE-2021-21221 2 Debian, Google 2 Debian Linux, Chrome 2021-05-14 4.3 MEDIUM 6.5 MEDIUM
Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
CVE-2021-21228 2 Debian, Google 2 Debian Linux, Chrome 2021-05-14 4.3 MEDIUM 4.3 MEDIUM
Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
CVE-2021-21214 2 Debian, Google 2 Debian Linux, Chrome 2021-05-14 6.8 MEDIUM 8.8 HIGH
Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
CVE-2021-21212 2 Debian, Google 2 Debian Linux, Chrome 2021-05-14 4.3 MEDIUM 6.5 MEDIUM
Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP.
CVE-2021-21210 2 Debian, Google 2 Debian Linux, Chrome 2021-05-14 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page.
CVE-2021-21207 2 Debian, Google 2 Debian Linux, Chrome 2021-05-14 6.8 MEDIUM 8.6 HIGH
Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
CVE-2021-21201 2 Debian, Google 2 Debian Linux, Chrome 2021-05-14 6.8 MEDIUM 9.6 CRITICAL
Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21203 2 Debian, Google 2 Debian Linux, Chrome 2021-05-14 6.8 MEDIUM 8.8 HIGH
Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21216 2 Debian, Google 2 Debian Linux, Chrome 2021-05-14 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVE-2021-21204 3 Apple, Debian, Google 3 Mac Os X, Debian Linux, Chrome 2021-05-14 6.8 MEDIUM 8.8 HIGH
Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21215 2 Debian, Google 2 Debian Linux, Chrome 2021-05-14 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVE-2021-21211 2 Debian, Google 2 Debian Linux, Chrome 2021-05-14 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.