Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-09 CVE-2021-20272 Reachable Assertion vulnerability in multiple products
A flaw was found in privoxy before 3.0.32.
network
low complexity
privoxy debian CWE-617
5.0
2021-03-07 CVE-2021-27365 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.11.3.
local
low complexity
linux debian oracle netapp CWE-787
4.6
2021-03-05 CVE-2021-28038 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV.
local
low complexity
linux debian netapp CWE-770
6.5
2021-02-27 CVE-2021-25284 Insufficiently Protected Credentials vulnerability in multiple products
An issue was discovered in SaltStack Salt before 3002.5.
local
low complexity
saltstack fedoraproject debian CWE-522
4.4
2021-02-27 CVE-2020-28972 Improper Certificate Validation vulnerability in multiple products
In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.
network
high complexity
saltstack fedoraproject debian CWE-295
5.9
2021-02-26 CVE-2020-27618 Infinite Loop vulnerability in multiple products
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.
local
low complexity
gnu netapp oracle debian CWE-835
5.5
2021-02-26 CVE-2020-27223 Resource Exhaustion vulnerability in multiple products
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e.
network
low complexity
eclipse apache netapp debian oracle CWE-400
5.3
2021-02-26 CVE-2021-23978 Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7.
network
mozilla debian
6.8
2021-02-26 CVE-2021-23961 Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine.
network
mozilla debian
4.3
2021-02-26 CVE-2021-21330 Open Redirect vulnerability in multiple products
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python.
network
low complexity
aiohttp debian fedoraproject CWE-601
6.1