Debian: >> Debian Linux >> 11.0 Security Vulnerabilities
Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVSS Score
9.6
EPSS Score
0.008
Published
2021-11-23
CVE-2021-38003
Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Known exploited
CVSS Score
8.8
EPSS Score
0.764
Published
2021-11-23
Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVSS Score
4.3
EPSS Score
0.004
Published
2021-11-23
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.
CVSS Score
9.8
EPSS Score
0.088
Published
2021-11-22
A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.002
Published
2021-11-19
A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.003
Published
2021-11-19
A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.003
Published
2021-11-19
Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
CVSS Score
7.5
EPSS Score
0.004
Published
2021-11-19
Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
CVSS Score
7.5
EPSS Score
0.016
Published
2021-11-19
Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file
CVSS Score
7.5
EPSS Score
0.002
Published
2021-11-19