Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
debian debian linux 11.0 vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2021-39263
A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22.
Tuxera Ntfs-3g
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5.3
CVSSv3
CVE-2021-46671
options.c in atftp prior to 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client.
Atftp Project Atftp
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
9.8
CVSSv3
CVE-2021-38171
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.
Ffmpeg Ffmpeg 4.4
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
2 Github repositories
3.7
CVSSv3
CVE-2021-41136
Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the p...
Puma Puma
Debian Debian Linux 10.0
Debian Debian Linux 11.0
9.1
CVSSv3
CVE-2022-23097
An issue exists in the DNS proxy in Connman up to and including 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.
Intel Connman
Debian Debian Linux 9.0
Debian Debian Linux 11.0
9.8
CVSSv3
CVE-2022-23121
This vulnerability allows remote malicious users to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper er...
Netatalk Netatalk
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5.9
CVSSv3
CVE-2021-22895
Nextcloud Desktop Client prior to 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow.
Nextcloud Desktop
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5.3
CVSSv3
CVE-2021-39200
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wp_die() can be leaked under certain conditions, which can include data like nonces. It can then be used to p...
Wordpress Wordpress
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5.4
CVSSv3
CVE-2021-39201
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. ### Impact The issue allows an authenticated but low-privileged user (like contributor/author) to execute XSS in the editor. This bypasses the restrictions im...
Wordpress Wordpress
Debian Debian Linux 10.0
Debian Debian Linux 11.0
4.3
CVSSv3
CVE-2023-50761
The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatc...
Mozilla Thunderbird
Debian Debian Linux 11.0
Debian Debian Linux 12.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »