Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-25 | CVE-2021-3605 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. | 5.5 |
| 2021-08-24 | CVE-2021-30887 | A logic issue was addressed with improved restrictions. | 6.5 |
| 2021-08-24 | CVE-2021-30890 | Cross-site Scripting vulnerability in multiple products A logic issue was addressed with improved state management. | 6.1 |
| 2021-08-23 | CVE-2021-39140 | Infinite Loop vulnerability in multiple products XStream is a simple library to serialize objects to XML and back again. | 6.3 |
| 2021-08-23 | CVE-2021-3693 | Cross-site Scripting vulnerability in multiple products LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. | 6.8 |
| 2021-08-23 | CVE-2021-3694 | Cross-site Scripting vulnerability in multiple products LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. | 6.8 |
| 2021-08-23 | CVE-2021-3731 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. | 4.3 |
| 2021-08-23 | CVE-2021-37750 | NULL Pointer Dereference vulnerability in multiple products The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. | 6.5 |
| 2021-08-23 | CVE-2021-39371 | XXE vulnerability in multiple products An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. | 5.0 |
| 2021-08-22 | CVE-2021-39365 | Improper Certificate Validation vulnerability in multiple products In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. | 4.3 |