Vulnerabilities > Debian > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-16 | CVE-2021-27229 | Link Following vulnerability in multiple products Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text. | 6.8 |
2021-02-15 | CVE-2021-23336 | HTTP Request Smuggling vulnerability in multiple products The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. | 5.9 |
2021-02-15 | CVE-2021-21702 | NULL Pointer Dereference vulnerability in multiple products In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash. | 5.0 |
2021-02-15 | CVE-2020-7071 | Improper Input Validation vulnerability in multiple products In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. | 5.0 |
2021-02-14 | CVE-2021-26929 | Cross-site Scripting vulnerability in multiple products An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). | 4.3 |
2021-02-11 | CVE-2021-21311 | Server-Side Request Forgery (SSRF) vulnerability in multiple products Adminer is an open-source database management in a single PHP file. | 6.4 |
2021-02-09 | CVE-2021-26675 | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. | 5.8 |
2021-02-08 | CVE-2021-26910 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. | 6.9 |
2021-02-08 | CVE-2021-21290 | Creation of Temporary File in Directory with Incorrect Permissions vulnerability in multiple products Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. | 5.5 |
2021-02-06 | CVE-2021-20176 | A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. | 5.5 |