Vulnerabilities > Debian
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-27 | CVE-2020-28972 | Improper Certificate Validation vulnerability in multiple products In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. | 5.9 |
2021-02-27 | CVE-2020-28243 | Command Injection vulnerability in multiple products An issue was discovered in SaltStack Salt before 3002.5. | 7.8 |
2021-02-26 | CVE-2021-27803 | A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. | 7.5 |
2021-02-26 | CVE-2020-27618 | Infinite Loop vulnerability in multiple products The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. | 5.5 |
2021-02-26 | CVE-2020-27223 | Resource Exhaustion vulnerability in multiple products In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. | 5.3 |
2021-02-26 | CVE-2021-23978 | Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. | 6.8 |
2021-02-26 | CVE-2021-23961 | Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. | 4.3 |
2021-02-26 | CVE-2021-21330 | Open Redirect vulnerability in multiple products aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. | 6.1 |
2021-02-26 | CVE-2021-23973 | Information Exposure Through an Error Message vulnerability in multiple products When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. | 4.3 |
2021-02-26 | CVE-2021-23969 | As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. | 4.3 |