Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2021-02-08 CVE-2021-26910 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.
local
high complexity
firejail-project debian CWE-367
7.0
2021-02-02 CVE-2021-21289 OS Command Injection vulnerability in multiple products
Mechanize is an open-source ruby library that makes automated web interaction easy.
network
high complexity
mechanize-project fedoraproject debian CWE-78
8.3
2021-02-01 CVE-2021-3348 Use After Free vulnerability in multiple products
nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71.
local
high complexity
linux debian CWE-416
7.0
2021-01-29 CVE-2021-3347 Use After Free vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.10.11.
local
low complexity
linux debian fedoraproject CWE-416
7.8
2021-01-27 CVE-2021-3326 Reachable Assertion vulnerability in multiple products
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
network
low complexity
gnu netapp oracle fujitsu debian CWE-617
7.5
2021-01-27 CVE-2021-26117 Improper Authentication vulnerability in multiple products
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server.
network
low complexity
apache netapp debian oracle CWE-287
7.5
2021-01-26 CVE-2021-3156 Off-by-one Error vulnerability in multiple products
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
7.8
2021-01-26 CVE-2020-36230 Reachable Assertion vulnerability in multiple products
A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
network
low complexity
openldap debian apple apache CWE-617
7.5
2021-01-26 CVE-2020-36229 Type Confusion vulnerability in multiple products
A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.
network
low complexity
openldap debian apple CWE-843
7.5
2021-01-26 CVE-2020-36228 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.
network
low complexity
openldap debian apple CWE-191
7.5