Vulnerabilities > Debian > Low

DATE CVE VULNERABILITY TITLE RISK
2021-02-24 CVE-2021-27645 Double Free vulnerability in multiple products
The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system.
local
high complexity
gnu fedoraproject debian CWE-415
2.5
2021-02-23 CVE-2020-27768 Integer Overflow or Wraparound vulnerability in multiple products
In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h.
local
low complexity
imagemagick debian CWE-190
3.3
2021-01-26 CVE-2020-29443 Out-of-bounds Read vulnerability in multiple products
ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
local
high complexity
qemu debian CWE-125
3.9
2021-01-20 CVE-2020-25686 Improperly Implemented Security Check for Standard vulnerability in multiple products
A flaw was found in dnsmasq before version 2.83.
network
high complexity
thekelleys fedoraproject debian arista CWE-358
3.7
2021-01-20 CVE-2020-25684 A flaw was found in dnsmasq before version 2.83.
network
high complexity
thekelleys fedoraproject debian arista
3.7
2021-01-20 CVE-2020-25685 Inadequate Encryption Strength vulnerability in multiple products
A flaw was found in dnsmasq before version 2.83.
network
high complexity
thekelleys fedoraproject debian arista CWE-326
3.7
2021-01-12 CVE-2021-23239 Link Following vulnerability in multiple products
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.
2.5
2020-12-15 CVE-2020-29480 Missing Authorization vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-862
2.3
2020-12-14 CVE-2020-8284 A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. 3.7
2020-12-10 CVE-2020-29668 Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.
network
high complexity
sympa fedoraproject debian CWE-565
3.7