Vulnerabilities > Debian > Debian Linux > 11.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-27 | CVE-2020-35662 | Improper Certificate Validation vulnerability in multiple products In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. | 7.4 |
| 2021-02-27 | CVE-2020-28972 | Improper Certificate Validation vulnerability in multiple products In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. | 5.9 |
| 2021-02-27 | CVE-2020-28243 | Command Injection vulnerability in multiple products An issue was discovered in SaltStack Salt before 3002.5. | 7.8 |
| 2021-02-22 | CVE-2021-26120 | Code Injection vulnerability in multiple products Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring. | 9.8 |
| 2021-02-22 | CVE-2021-26119 | Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode. | 7.5 |
| 2021-01-14 | CVE-2020-16119 | Use After Free vulnerability in multiple products Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. | 7.8 |
| 2020-09-30 | CVE-2020-25626 | Cross-site Scripting vulnerability in multiple products A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. | 6.1 |
| 2020-06-04 | CVE-2020-13692 | XXE vulnerability in multiple products PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. | 7.7 |
| 2020-04-27 | CVE-2020-9488 | Improper Certificate Validation vulnerability in multiple products Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. | 3.7 |
| 2020-01-28 | CVE-2020-0549 | Improper Resource Shutdown or Release vulnerability in multiple products Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |