Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-19 | CVE-2021-25290 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Pillow before 8.1.1. | 5.0 |
| 2021-03-18 | CVE-2021-3416 | Infinite Loop vulnerability in multiple products A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. | 6.0 |
| 2021-03-17 | CVE-2020-17525 | NULL Pointer Dereference vulnerability in multiple products Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. | 4.3 |
| 2021-03-17 | CVE-2017-20002 | Improper Privilege Management vulnerability in Debian Linux and Shadow The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. | 4.6 |
| 2021-03-15 | CVE-2021-22191 | Injection vulnerability in multiple products Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file. | 6.8 |
| 2021-03-15 | CVE-2021-28374 | Cleartext Storage of Sensitive Information vulnerability in Debian Courier-Authlib and Debian Linux The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. | 5.0 |
| 2021-03-12 | CVE-2021-21366 | Misinterpretation of Input vulnerability in multiple products xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. | 4.3 |
| 2021-03-11 | CVE-2021-28153 | Link Following vulnerability in multiple products An issue was discovered in GNOME GLib before 2.66.8. | 5.3 |
| 2021-03-10 | CVE-2021-21375 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. | 6.5 |
| 2021-03-10 | CVE-2020-13959 | Cross-site Scripting vulnerability in multiple products The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. | 6.1 |