Vulnerabilities > Debian > Low

DATE	CVE	VULNERABILITY TITLE	RISK
2021-02-02	CVE-2021-21284	Path Traversal vulnerability in multiple products In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. low complexity docker debian netapp CWE-22	2.7
2021-01-26	CVE-2020-29443	Out-of-bounds Read vulnerability in multiple products ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. local high complexity qemu debian CWE-125	3.9
2021-01-20	CVE-2020-25686	Improperly Implemented Security Check for Standard vulnerability in multiple products A flaw was found in dnsmasq before version 2.83. network high complexity thekelleys fedoraproject debian arista CWE-358	3.7
2021-01-20	CVE-2020-25684	A flaw was found in dnsmasq before version 2.83. network high complexity thekelleys fedoraproject debian arista	3.7
2021-01-20	CVE-2020-25685	Inadequate Encryption Strength vulnerability in multiple products A flaw was found in dnsmasq before version 2.83. network high complexity thekelleys fedoraproject debian arista CWE-326	3.7
2021-01-12	CVE-2021-23239	Link Following vulnerability in multiple products The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. local high complexity sudo-project netapp fedoraproject debian CWE-59	2.5
2020-12-15	CVE-2020-29480	Missing Authorization vulnerability in multiple products An issue was discovered in Xen through 4.14.x. local low complexity xen debian fedoraproject CWE-862	2.3
2020-12-14	CVE-2020-8284	A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. network high complexity haxx fedoraproject debian netapp apple oracle fujitsu siemens splunk	3.7
2020-12-10	CVE-2020-29668	Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun. network high complexity sympa fedoraproject debian CWE-565	3.7
2020-12-10	CVE-2020-27351	Missing Release of Resource after Effective Lifetime vulnerability in Debian Advanced Package Tool Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. local low complexity debian CWE-772	2.1