Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2021-04-09 CVE-2021-30155 Missing Authorization vulnerability in multiple products
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
network
low complexity
mediawiki debian CWE-862
4.0
2021-04-09 CVE-2021-30152 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2.
network
low complexity
mediawiki debian CWE-732
4.0
2021-04-06 CVE-2021-30158 Improper Authentication vulnerability in multiple products
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
network
low complexity
mediawiki debian CWE-287
5.0
2021-04-06 CVE-2021-30157 Cross-Site Scripting vulnerability in multiple products
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
4.3
2021-03-30 CVE-2021-21409 Http Request Smuggling vulnerability in multiple products
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
network
low complexity
netty debian CWE-444
5.0
2021-03-29 CVE-2021-23358 Code Injection vulnerability in multiple products
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
network
low complexity
underscorejs debian CWE-94
7.5
2021-03-25 CVE-2021-3449 Null Pointer Dereference vulnerability in multiple products
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client.
4.3
2021-03-22 CVE-2021-28963 Injection vulnerability in multiple products
Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.
network
low complexity
shibboleth debian CWE-74
5.0
2021-03-21 CVE-2021-28957 Cross-Site Scripting vulnerability in multiple products
An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3.
network
lxml debian CWE-79
4.3
2021-03-20 CVE-2020-27171 Off-By-One Error vulnerability in multiple products
An issue was discovered in the Linux kernel before 5.11.8.
local
low complexity
linux fedoraproject debian CWE-193
3.6