Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-09 | CVE-2021-20272 | Reachable Assertion vulnerability in multiple products A flaw was found in privoxy before 3.0.32. | 5.0 |
| 2021-03-07 | CVE-2021-27365 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in the Linux kernel through 5.11.3. | 4.6 |
| 2021-03-05 | CVE-2021-28038 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. | 6.5 |
| 2021-02-27 | CVE-2021-25284 | Insufficiently Protected Credentials vulnerability in multiple products An issue was discovered in through SaltStack Salt before 3002.5. | 4.4 |
| 2021-02-27 | CVE-2020-28972 | Improper Certificate Validation vulnerability in multiple products In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. | 5.9 |
| 2021-02-26 | CVE-2020-27618 | Infinite Loop vulnerability in multiple products The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. | 5.5 |
| 2021-02-26 | CVE-2020-27223 | Resource Exhaustion vulnerability in multiple products In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. | 5.3 |
| 2021-02-26 | CVE-2021-23978 | Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. | 6.8 |
| 2021-02-26 | CVE-2021-23961 | Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. | 4.3 |
| 2021-02-26 | CVE-2021-21330 | Open Redirect vulnerability in multiple products aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. | 6.1 |