Debian Linux vulnerabilities

9,911 known vulnerabilities affecting debian/debian_linux.

Total CVEs

9,911

CISA KEV

119

actively exploited

Public exploits

429

Exploited in wild

132

Severity breakdown

CRITICAL1128HIGH4110MEDIUM4311LOW362

Vulnerabilities

Page 141 of 496

CVE-2021-37978HIGHCVSS 8.8v10.0v11.02021-11-02

CVE-2021-37978 [HIGH] CWE-787 CVE-2021-37978: Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to po Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

nvd

CVE-2021-37989MEDIUMCVSS 6.5v10.0v11.02021-11-02

CVE-2021-37989 [MEDIUM] CVE-2021-37989: Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attack Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page.

nvd

CVE-2021-37994MEDIUMCVSS 6.5v10.0v11.02021-11-02

CVE-2021-37994 [MEDIUM] CVE-2021-37994: Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remo Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

nvd

CVE-2021-37990MEDIUMCVSS 5.5v10.0v11.02021-11-02

CVE-2021-37990 [MEDIUM] CVE-2021-37990: Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app.

nvd

CVE-2021-37995MEDIUMCVSS 6.5v10.0v11.02021-11-02

CVE-2021-37995 [MEDIUM] CVE-2021-37995: Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a re Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

nvd

CVE-2021-37996MEDIUMCVSS 5.5v10.0v11.02021-11-02

CVE-2021-37996 [MEDIUM] CWE-20 CVE-2021-37996: Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file.

nvd

CVE-2021-25219MEDIUMCVSS 5.3v9.0v10.0+1 more2021-10-27

CVE-2021-25219 [MEDIUM] CVE-2021-25219: In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9. In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance.

nvd

CVE-2021-41182MEDIUMCVSS 6.1v9.02021-10-26

CVE-2021-41182 [MEDIUM] CWE-79 CVE-2021-41182: jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the valu jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not acc

nvd

CVE-2021-41183MEDIUMCVSS 6.1v9.02021-10-26

CVE-2021-41183 [MEDIUM] CWE-79 CVE-2021-41183: jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the valu jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is

nvd

CVE-2021-21703HIGHCVSS 7.0v9.0v10.0+1 more2021-10-25

CVE-2021-21703 [HIGH] CWE-284 CVE-2021-21703: In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when ru In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way tha

nvd

CVE-2021-42097HIGHCVSS 8.0v10.02021-10-21

CVE-2021-42097 [HIGH] CWE-352 CVE-2021-42097: GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).

nvd

CVE-2021-42715MEDIUMCVSS 5.5v10.02021-10-21

CVE-2021-42715 [MEDIUM] CWE-835 CVE-2021-42715: An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.

nvd

CVE-2021-42096MEDIUMCVSS 4.3v10.02021-10-21

CVE-2021-42096 [MEDIUM] CWE-307 CVE-2021-42096: GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is deriv GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.

nvd

CVE-2021-42771HIGHCVSS 7.8v10.02021-10-20

CVE-2021-42771 [HIGH] CWE-22 CVE-2021-42771: Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.

nvd

CVE-2021-35578MEDIUMCVSS 5.3v9.0v10.0+1 more2021-10-20

CVE-2021-35578 [MEDIUM] CVE-2021-35578: Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle Gra

nvd

CVE-2021-35550MEDIUMCVSS 5.9v9.0v10.0+1 more2021-10-20

CVE-2021-35550 [MEDIUM] CVE-2021-35550: Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracl

nvd

CVE-2021-35586MEDIUMCVSS 5.3v9.0v10.0+1 more2021-10-20

CVE-2021-35586 [MEDIUM] CVE-2021-35586: Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compr

nvd

CVE-2021-42762MEDIUMCVSS 5.3v10.0v11.02021-10-20

CVE-2021-42762 [MEDIUM] CVE-2021-42762: BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass tha BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that Web

nvd

CVE-2021-35565MEDIUMCVSS 5.3v9.0v10.0+1 more2021-10-20

CVE-2021-35565 [MEDIUM] CVE-2021-35565: Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle

nvd

CVE-2021-35556MEDIUMCVSS 5.3v9.0v10.0+1 more2021-10-20

CVE-2021-35556 [MEDIUM] CVE-2021-35556: Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to comprom

nvd

← Previous141 / 496Next →