Vulnerabilities > Debian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-26 | CVE-2021-23968 | Information Exposure Through an Error Message vulnerability in multiple products If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. | 4.3 |
| 2021-02-25 | CVE-2021-20203 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. | 3.2 |
| 2021-02-24 | CVE-2020-11987 | Server-Side Request Forgery (SSRF) vulnerability in multiple products Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. | 8.2 |
| 2021-02-24 | CVE-2021-27645 | Double Free vulnerability in multiple products The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. | 2.5 |
| 2021-02-23 | CVE-2021-3410 | Integer Overflow or Wraparound vulnerability in multiple products A flaw was found in libcaca v0.99.beta19. | 7.8 |
| 2021-02-23 | CVE-2021-3407 | Double Free vulnerability in multiple products A flaw was found in mupdf 1.18.0. | 5.5 |
| 2021-02-23 | CVE-2021-3405 | Out-of-bounds Write vulnerability in multiple products A flaw was found in libebml before 1.4.2. | 6.5 |
| 2021-02-23 | CVE-2021-20247 | Path Traversal vulnerability in multiple products A flaw was found in mbsync before v1.3.5 and v1.4.1. | 7.4 |
| 2021-02-23 | CVE-2020-27768 | Integer Overflow or Wraparound vulnerability in multiple products In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. | 3.3 |
| 2021-02-22 | CVE-2021-26120 | Code Injection vulnerability in multiple products Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring. | 9.8 |