Debian Linux vulnerabilities

9,911 known vulnerabilities affecting debian/debian_linux.

Total CVEs: 9,911
CISA KEV (actively exploited): 119
Public exploits: 429
Exploited in wild: 132

Severity breakdown
CRITICAL: 1128
HIGH: 4110
MEDIUM: 4311
LOW: 362

Vulnerabilities

Page 140 of 496
CVE-2021-37149 HIGH CVSS 7.5 v10.0 v11.0 2021-11-03
CVE-2021-37149 [HIGH] CWE-20: Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.
nvd
CVE-2021-37148 HIGH CVSS 7.5 v10.0 v11.0 2021-11-03
CVE-2021-37148 [HIGH] CWE-20: Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1.
nvd
CVE-2021-37147 HIGH CVSS 7.5 v10.0 v11.0 2021-11-03
CVE-2021-37147 [HIGH] CWE-20: Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.
nvd
CVE-2021-22960 MEDIUM CVSS 6.5 v11.0 2021-11-03
CVE-2021-22960 [MEDIUM] CWE-444: The parse function in llhttp < 2.1.4 and < 6.0.6 ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
nvd
CVE-2021-40985 MEDIUM CVSS 5.5 v9.0 2021-11-03
CVE-2021-40985 [MEDIUM] CWE-125: A stack-based buffer under-read in htmldoc before 1.9.12 allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.
nvd
CVE-2021-38502 MEDIUM CVSS 5.9 v9.0 v10.0 +1 more 2021-11-03
CVE-2021-38502 [MEDIUM]: Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication
nvd
CVE-2021-37981 CRITICAL CVSS 9.6 v10.0 v11.0 2021-11-02
CVE-2021-37981 [CRITICAL] CWE-787: Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2021-37980 HIGH CVSS 7.4 v10.0 v11.0 2021-11-02
CVE-2021-37980 [HIGH]: Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows.
nvd
CVE-2021-37988 HIGH CVSS 8.8 v10.0 v11.0 2021-11-02
CVE-2021-37988 [HIGH] CWE-416: Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-37991 HIGH CVSS 7.5 v10.0 v11.0 2021-11-02
CVE-2021-37991 [HIGH] CWE-362: Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-37984 HIGH CVSS 8.8 v10.0 v11.0 2021-11-02
CVE-2021-37984 [HIGH] CWE-787: Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-37987 HIGH CVSS 8.8 v10.0 v11.0 2021-11-02
CVE-2021-37987 [HIGH] CWE-416: Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-37986 HIGH CVSS 8.8 v10.0 v11.0 2021-11-02
CVE-2021-37986 [HIGH] CWE-787: Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-37993 HIGH CVSS 8.8 v10.0 v11.0 2021-11-02
CVE-2021-37993 [HIGH] CWE-416: Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-37983 HIGH CVSS 8.8 v10.0 v11.0 2021-11-02
CVE-2021-37983 [HIGH] CWE-416: Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-37982 HIGH CVSS 8.8 v10.0 v11.0 2021-11-02
CVE-2021-37982 [HIGH] CWE-416: Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-37992 HIGH CVSS 8.8 v10.0 v11.0 2021-11-02
CVE-2021-37992 [HIGH] CWE-125: Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-37979 HIGH CVSS 8.8 v10.0 v11.0 2021-11-02
CVE-2021-37979 [HIGH] CWE-787: Heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-37985 HIGH CVSS 8.8 v10.0 v11.0 2021-11-02
CVE-2021-37985 [HIGH] CWE-416: Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-37977 HIGH CVSS 8.8 v10.0 v11.0 2021-11-02
CVE-2021-37977 [HIGH] CWE-416: Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd