Vulnerabilities > Debian > Debian Linux > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-27 | CVE-2021-25284 | Insufficiently Protected Credentials vulnerability in multiple products An issue was discovered in through SaltStack Salt before 3002.5. | 4.4 |
2021-02-27 | CVE-2020-28972 | Improper Certificate Validation vulnerability in multiple products In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. | 5.9 |
2021-02-26 | CVE-2020-27618 | Infinite Loop vulnerability in multiple products The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. | 5.5 |
2021-02-26 | CVE-2020-27223 | Resource Exhaustion vulnerability in multiple products In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. | 5.3 |
2021-02-26 | CVE-2021-23978 | Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. | 6.8 |
2021-02-26 | CVE-2021-23961 | Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. | 4.3 |
2021-02-26 | CVE-2021-21330 | Open Redirect vulnerability in multiple products aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. | 6.1 |
2021-02-26 | CVE-2021-23973 | Information Exposure Through an Error Message vulnerability in multiple products When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. | 4.3 |
2021-02-26 | CVE-2021-23969 | As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. | 4.3 |
2021-02-26 | CVE-2021-23968 | Information Exposure Through an Error Message vulnerability in multiple products If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. | 4.3 |