Debian Linux vulnerabilities

9,911 known vulnerabilities affecting debian/debian_linux.

Total CVEs

9,911

CISA KEV

119

actively exploited

Public exploits

429

Exploited in wild

132

Severity breakdown

CRITICAL1128HIGH4110MEDIUM4311LOW362

Vulnerabilities

Page 151 of 496

CVE-2021-30934HIGHCVSS 8.8v10.0v11.02021-08-24

CVE-2021-30934 [HIGH] CWE-120 CVE-2021-30934: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15. A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.

nvd

CVE-2021-30858HIGHCVSS 8.8KEVv10.0v11.02021-08-24

CVE-2021-30858 [HIGH] CWE-416 CVE-2021-30858: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14. A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

nvd

CVE-2021-30936HIGHCVSS 8.8v10.0v11.02021-08-24

CVE-2021-30936 [HIGH] CWE-416 CVE-2021-30936: A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15 A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.

nvd

CVE-2021-30952HIGHCVSS 7.8KEVv10.0v11.02021-08-24

CVE-2021-30952 [HIGH] CWE-190 CVE-2021-30952: An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.

nvd

CVE-2021-30951HIGHCVSS 8.8v10.0v11.02021-08-24

CVE-2021-30951 [HIGH] CWE-416 CVE-2021-30951: A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15 A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.

nvd

CVE-2021-30954HIGHCVSS 7.8v10.0v11.02021-08-24

CVE-2021-30954 [HIGH] CWE-843 CVE-2021-30954: A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2 A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.

nvd

CVE-2021-30890MEDIUMCVSS 6.1v10.0v11.02021-08-24

CVE-2021-30890 [MEDIUM] CWE-79 CVE-2021-30890: A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12 A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting.

nvd

CVE-2021-30887MEDIUMCVSS 6.5v10.0v11.02021-08-24

CVE-2021-30887 [MEDIUM] CVE-2021-30887: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy.

nvd

CVE-2021-3694CRITICALCVSS 9.6v10.0v11.02021-08-23

CVE-2021-3694 [CRITICAL] CWE-79 CVE-2021-3694: LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a special LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

nvd

CVE-2021-3693CRITICALCVSS 9.6v10.0v11.02021-08-23

CVE-2021-3693 [CRITICAL] CWE-79 CVE-2021-3693: LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a sp LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

nvd

CVE-2020-36475HIGHCVSS 7.5v9.0v10.02021-08-23

CVE-2020-36475 [HIGH] CWE-131 CVE-2020-36475: An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.

nvd

CVE-2021-39154HIGHCVSS 8.5v9.0v10.0+1 more2021-08-23

CVE-2021-39154 [HIGH] CWE-434 CVE-2021-39154: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

nvd

CVE-2020-36476HIGHCVSS 7.5v9.0v10.02021-08-23

CVE-2020-36476 [HIGH] CWE-212 CVE-2020-36476: An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). The An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.

nvd

CVE-2021-39153HIGHCVSS 8.5v9.0v10.0+1 more2021-08-23

CVE-2021-39153 [HIGH] CWE-434 CVE-2021-39153: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user is aff

nvd

CVE-2021-39152HIGHCVSS 8.5PoCv9.0v10.0+1 more2021-08-23

CVE-2021-39152 [HIGH] CWE-502 CVE-2021-39152: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to

nvd

CVE-2020-18771HIGHCVSS 8.1v10.02021-08-23

CVE-2020-18771 [HIGH] CWE-125 CVE-2020-18771: Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in ni Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak.

nvd

CVE-2021-39141HIGHCVSS 8.5PoCv9.0v10.0+1 more2021-08-23

CVE-2021-39141 [HIGH] CWE-434 CVE-2021-39141: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

nvd

CVE-2021-39146HIGHCVSS 8.5PoCv9.0v10.0+1 more2021-08-23

CVE-2021-39146 [HIGH] CWE-434 CVE-2021-39146: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

nvd

CVE-2021-39139HIGHCVSS 8.8v9.0v10.0+1 more2021-08-23

CVE-2021-39139 [HIGH] CWE-434 CVE-2021-39139: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario c

nvd

CVE-2021-39149HIGHCVSS 8.5v9.0v10.0+1 more2021-08-23

CVE-2021-39149 [HIGH] CWE-434 CVE-2021-39149: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

nvd

← Previous151 / 496Next →