Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2021-03-23 CVE-2021-21341 XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle
7.5
2021-03-19 CVE-2021-28831 Improper Handling of Exceptional Conditions vulnerability in multiple products
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.
network
low complexity
busybox fedoraproject debian CWE-755
7.5
2021-03-19 CVE-2020-25097 HTTP Request Smuggling vulnerability in multiple products
An issue was discovered in Squid through 4.13 and 5.x through 5.0.4.
network
low complexity
squid-cache debian fedoraproject netapp CWE-444
8.6
2021-03-19 CVE-2021-25290 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Pillow before 8.1.1.
network
low complexity
python debian CWE-787
7.5
2021-03-19 CVE-2021-27928 Code Injection vulnerability in multiple products
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL.
network
low complexity
mariadb percona galeracluster debian CWE-94
7.2
2021-03-17 CVE-2021-28660 Out-of-bounds Write vulnerability in multiple products
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array.
8.8
2021-03-17 CVE-2021-27291 In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions.
network
low complexity
pygments debian fedoraproject
7.5
2021-03-17 CVE-2020-17525 NULL Pointer Dereference vulnerability in multiple products
Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL.
network
low complexity
apache debian CWE-476
7.5
2021-03-17 CVE-2017-20002 Improper Privilege Management vulnerability in Debian Linux and Shadow
The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty.
local
low complexity
debian CWE-269
7.8
2021-03-16 CVE-2021-21193 Use After Free vulnerability in multiple products
Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
8.8