Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2021-02-26 CVE-2021-23961 Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine.
network
low complexity
mozilla debian
7.4
2021-02-24 CVE-2020-11987 Server-Side Request Forgery (SSRF) vulnerability in multiple products
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel.
network
low complexity
apache fedoraproject oracle debian CWE-918
8.2
2021-02-23 CVE-2021-3410 Integer Overflow or Wraparound vulnerability in multiple products
A flaw was found in libcaca v0.99.beta19.
7.8
2021-02-23 CVE-2021-20247 Path Traversal vulnerability in multiple products
A flaw was found in mbsync before v1.3.5 and v1.4.1.
network
high complexity
mbsync-project debian fedoraproject CWE-22
7.4
2021-02-22 CVE-2021-26119 Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode.
network
low complexity
smarty debian
7.5
2021-02-18 CVE-2021-27379 An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges.
local
low complexity
xen debian
7.8
2021-02-17 CVE-2020-8625 Classic Buffer Overflow vulnerability in multiple products
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features.
network
high complexity
isc debian fedoraproject siemens netapp CWE-120
8.1
2021-02-17 CVE-2021-26720 Link Following vulnerability in multiple products
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon.
local
low complexity
avahi debian CWE-59
7.8
2021-02-17 CVE-2021-26930 An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen.
local
low complexity
linux fedoraproject debian
7.8
2021-02-16 CVE-2021-23840 Integer Overflow or Wraparound vulnerability in multiple products
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform.
7.5