Debian Security Vulnerabilities (CVEs)

CVE-2021-43579 is a stack-based buffer overflow vulnerability in HTMLDOC's BMP image processing function that allows remote code execution when proces...

This CVE describes a directory traversal vulnerability in SphinxSearch that allows attackers to read arbitrary files on the server. When combined with...

CVE-2022-21664 is an SQL injection vulnerability in WordPress caused by insufficient input sanitization in a core class. This allows attackers to exec...

CVE-2022-21661 is an SQL injection vulnerability in WordPress's WP_Query class due to improper input sanitization. This allows attackers to execute ar...

CVE-2021-45972 is a stack-based buffer overflow vulnerability in giftrans 1.12.2's giftrans function, where attacker-controlled input determines how m...

This vulnerability in Ruby's CGI::Cookie.parse function mishandles security prefixes in cookie names, allowing attackers to bypass cookie security mec...

CVE-2021-41817 is a regular expression denial of service (ReDoS) vulnerability in Ruby's date gem. Attackers can cause denial of service by sending sp...

This vulnerability in Wireshark's BitTorrent DHT dissector allows attackers to cause a denial of service (DoS) by triggering an infinite loop. Attacke...

CVE-2021-45909 is a heap-based buffer overflow vulnerability in gif2apng's DecodeLZW function that allows attackers to write arbitrary data beyond buf...

CVE-2021-45911 is a heap-based buffer overflow vulnerability in gif2apng 1.9 that allows attackers to write 2 bytes outside buffer boundaries. This af...

CVE-2021-43845 is an out-of-bounds read vulnerability in PJSIP multimedia communication library versions 2.11.1 and earlier. A malicious actor can sen...

CVE-2021-4166 is an out-of-bounds read vulnerability in Vim text editor that allows attackers to read memory contents beyond allocated buffers. This a...

This vulnerability allows an attacker to trigger an out-of-bounds memory access in the Linux kernel's F2FS filesystem when processing extended attribu...

This is a use-after-free vulnerability in Chrome's developer tools that allows remote attackers to potentially exploit heap corruption via a crafted H...

This vulnerability is a use-after-free memory corruption flaw in Chrome's autofill feature that allows attackers to potentially execute arbitrary code...

This is a use-after-free vulnerability in ChromeOS's window manager that allows remote attackers to potentially exploit heap corruption via a crafted ...

This vulnerability is a type confusion flaw in Chrome's V8 JavaScript engine that allows a remote attacker to potentially exploit heap corruption. Att...

This is a use-after-free vulnerability in Chrome's storage foundation that allows remote attackers to potentially exploit heap corruption via crafted ...

This vulnerability in Google Chrome allowed malicious extensions to bypass navigation restrictions, enabling attackers to redirect users to malicious ...

This vulnerability allows attackers to bypass iframe sandbox navigation restrictions in Google Chrome, potentially enabling malicious websites to perf...

This is a use-after-free vulnerability in Google Chrome's web app component that allows heap corruption. Attackers can exploit it by tricking users in...

This vulnerability is a heap buffer overflow in Google Chrome extensions that allows an attacker to potentially exploit heap corruption. It affects us...

This is a use-after-free vulnerability in Chrome's file API that allows a remote attacker who has already compromised the renderer process to potentia...

This vulnerability is a type confusion flaw in Chrome's V8 JavaScript engine that could allow an attacker to execute arbitrary code or cause heap corr...

This is a use-after-free vulnerability in Chrome's loader component that allows remote attackers to potentially exploit heap corruption via a crafted ...

This vulnerability is a type confusion flaw in Chrome's V8 JavaScript engine that could allow a remote attacker to trigger heap corruption. Attackers ...

CVE-2021-37706 is an integer underflow vulnerability in PJSIP's STUN message processing that allows remote code execution. Attackers on the same netwo...

This CVE describes a use-after-free vulnerability in the TEE subsystem of the Linux kernel caused by a race condition in tee_shm_get_from_id. Attacker...

This vulnerability in Apache HTTP Server allows attackers to crash the server via NULL pointer dereference or perform Server-Side Request Forgery (SSR...

This vulnerability allows attackers to bypass HTTP-based intrusion detection signatures in Suricata by sending a crafted RST TCP packet with random TC...

This vulnerability in GNU Binutils allows attackers to trigger a heap-based buffer overflow via the stab_xcoff_builtin_type function in stabs.c. It ca...

This CVE describes memory safety bugs in Mozilla products that could lead to memory corruption. With sufficient effort, attackers could potentially ex...

This vulnerability involves an incorrect type conversion from 64-bit to 32-bit integers in Mozilla products, allowing memory corruption that could lea...

A use-after-free vulnerability in Mozilla's WebAssembly (wasm) implementation could allow an attacker to cause memory corruption and potentially execu...

This Django vulnerability allows attackers to bypass URL-based access controls by appending trailing newlines to HTTP request URLs. Attackers could ac...

CVE-2021-42717 is a denial-of-service vulnerability in ModSecurity's JSON parser where excessively nested JSON objects cause excessive CPU consumption...

CVE-2021-4069 is a use-after-free vulnerability in Vim that could allow an attacker to execute arbitrary code by tricking a user into opening a specia...

CVE-2021-44227 is a Cross-Site Request Forgery (CSRF) vulnerability in GNU Mailman that allows authenticated list members or moderators to obtain CSRF...

CVE-2021-4019 is a heap-based buffer overflow vulnerability in Vim text editor that allows attackers to execute arbitrary code by tricking users into ...

This heap-based buffer overflow vulnerability in BlueZ's bluetoothd service allows attackers to execute arbitrary code or cause denial of service by s...

This vulnerability in Xen hypervisor allows x86 HVM and PVH guests to cause memory corruption through improper error handling in partially successful ...

CVE-2021-28706 is an integer overflow vulnerability in Xen hypervisor memory management that allows virtual machine guests to exceed their allocated m...