Debian Linux vulnerabilities

9,911 known vulnerabilities affecting debian/debian_linux.

Total CVEs: 9,911
CISA KEV: 119 (actively exploited)
Public exploits: 429
Exploited in wild: 132

Severity breakdown: CRITICAL 1128, HIGH 4110, MEDIUM 4311, LOW 362

Vulnerabilities

Page 142 of 496
CVE-2021-35564 | MEDIUM | CVSS 5.3 | v9.0, v10.0, +1 more | 2021-10-20
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compr
Source: nvd

CVE-2021-35561 | MEDIUM | CVSS 5.3 | v9.0, v10.0, +1 more | 2021-10-20
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compr
Source: nvd

CVE-2021-35567 | MEDIUM | CVSS 6.8 | v9.0, v10.0, +1 more | 2021-10-20
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, O
Source: nvd

CVE-2021-42739 | MEDIUM | CVSS 6.7 | CWE-787 | v9.0 | 2021-10-20
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
Source: nvd

CVE-2021-35559 | MEDIUM | CVSS 5.3 | CWE-400 | v9.0, v10.0, +1 more | 2021-10-20
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to
Source: nvd

CVE-2021-35588 | LOW | CVSS 3.1 | v9.0 | 2021-10-20
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE,
Source: nvd

CVE-2021-35603 | LOW | CVSS 3.7 | v9.0, v10.0, +1 more | 2021-10-20
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Orac
Source: nvd

CVE-2021-37137 | HIGH | CVSS 7.5 | CWE-400 | v10.0, v11.0 | 2021-10-19
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size
Source: nvd

CVE-2021-37136 | HIGH | CVSS 7.5 | CWE-400 | v10.0, v11.0 | 2021-10-19
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
Source: nvd

CVE-2021-30846 | HIGH | CVSS 7.8 | CWE-787 | v10.0, v11.0 | 2021-10-19
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution.
Source: nvd

CVE-2021-41991 | HIGH | CVSS 7.5 | CWE-190 | v9.0, v10.0, +1 more | 2021-10-18
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote c
Source: nvd

CVE-2021-41990 | HIGH | CVSS 7.5 | CWE-190 | v10.0, v11.0 | 2021-10-18
The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.
Source: nvd

CVE-2021-38562 | HIGH | CVSS 7.5 | CWE-203 | v9.0 | 2021-10-18
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
Source: nvd

CVE-2021-28021 | HIGH | CVSS 7.8 | CWE-787 | v10.0 | 2021-10-15
Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file.
Source: nvd

CVE-2021-42340 | HIGH | CVSS 7.5 | CWE-772 | v11.0 | 2021-10-14
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could le
Source: nvd

CVE-2021-40732 | MEDIUM | CVSS 6.1 | CWE-476 | v10.0 | 2021-10-13
XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service in the context of the current user. User interaction is required to exploit this vulnerability in that the victim will need to open a specially crafted
Source: nvd

CVE-2021-25634 | HIGH | CVSS 7.5 | CWE-295 | v11.0 | 2021-10-12
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an addit
Source: nvd

CVE-2021-42326 | MEDIUM | CVSS 5.3 | v9.0 | 2021-10-12
Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.
Source: nvd

CVE-2021-3671 | MEDIUM | CVSS 6.5 | CWE-476 | v10.0, v11.0 | 2021-10-12
A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.
Source: nvd

CVE-2021-41136 | LOW | CVSS 3.7 | CWE-444 | v10.0, v11.0 | 2021-10-12
Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. The only proxy whi
Source: nvd