Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-26 | CVE-2021-3114 | Incorrect Calculation vulnerability in multiple products In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field. | 6.5 |
| 2021-01-21 | CVE-2021-21239 | Improper Verification of Cryptographic Signature vulnerability in multiple products PySAML2 is a pure python implementation of SAML Version 2 Standard. | 4.3 |
| 2021-01-20 | CVE-2020-25687 | Heap-based Buffer Overflow vulnerability in multiple products A flaw was found in dnsmasq before version 2.83. | 5.9 |
| 2021-01-20 | CVE-2020-25683 | Heap-based Buffer Overflow vulnerability in multiple products A flaw was found in dnsmasq before version 2.83. | 5.9 |
| 2021-01-19 | CVE-2020-14410 | Out-of-bounds Read vulnerability in multiple products SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. | 5.4 |
| 2021-01-19 | CVE-2021-3181 | Memory Leak vulnerability in multiple products rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). | 6.5 |
| 2021-01-19 | CVE-2021-3178 | Path Traversal vulnerability in multiple products fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. | 6.5 |
| 2021-01-18 | CVE-2020-28473 | HTTP Request Smuggling vulnerability in multiple products The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. | 5.8 |
| 2021-01-14 | CVE-2021-24122 | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. | 5.9 |
| 2021-01-11 | CVE-2020-26298 | Injection vulnerability in multiple products Redcarpet is a Ruby library for Markdown processing. | 5.4 |