Vulnerabilities > Debian > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-24 | CVE-2021-27645 | Double Free vulnerability in multiple products The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. | 2.5 |
| 2021-02-23 | CVE-2020-27768 | Integer Overflow or Wraparound vulnerability in multiple products In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. | 3.3 |
| 2021-01-26 | CVE-2020-29443 | Out-of-bounds Read vulnerability in multiple products ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. | 3.9 |
| 2021-01-20 | CVE-2020-25686 | Improperly Implemented Security Check for Standard vulnerability in multiple products A flaw was found in dnsmasq before version 2.83. | 3.7 |
| 2021-01-20 | CVE-2020-25684 | A flaw was found in dnsmasq before version 2.83. | 3.7 |
| 2021-01-20 | CVE-2020-25685 | Inadequate Encryption Strength vulnerability in multiple products A flaw was found in dnsmasq before version 2.83. | 3.7 |
| 2021-01-12 | CVE-2021-23239 | Link Following vulnerability in multiple products The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. | 2.5 |
| 2020-12-15 | CVE-2020-29480 | Missing Authorization vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 2.3 |
| 2020-12-14 | CVE-2020-8284 | A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. | 3.7 |
| 2020-12-10 | CVE-2020-29668 | Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun. | 3.7 |