Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-02-16 CVE-2021-27229 Link Following vulnerability in multiple products
Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text.
network
mumble debian CWE-59
6.8
2021-02-15 CVE-2021-23336 HTTP Request Smuggling vulnerability in multiple products
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, and from 3.9.0 and before 3.9.2 is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking.
5.9
2021-02-15 CVE-2021-21702 NULL Pointer Dereference vulnerability in multiple products
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using the SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
network
low complexity
php debian netapp oracle CWE-476
5.0
2021-02-15 CVE-2020-7071 Improper Input Validation vulnerability in multiple products
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating a URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept a URL with an invalid password as a valid URL.
network
low complexity
php debian netapp CWE-20
5.0
2021-02-14 CVE-2021-26929 Cross-site Scripting vulnerability in multiple products
An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used).
network
horde debian CWE-79
4.3
2021-02-11 CVE-2021-21311 Server-Side Request Forgery (SSRF) vulnerability in multiple products
Adminer is an open-source database management tool in a single PHP file.
network
low complexity
adminer debian CWE-918
6.4
2021-02-09 CVE-2021-26675 Out-of-bounds Write vulnerability in multiple products
A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.
low complexity
intel debian opensuse CWE-787
5.8
2021-02-08 CVE-2021-26910 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.
6.9
2021-02-08 CVE-2021-21290 Creation of Temporary File in Directory with Incorrect Permissions vulnerability in multiple products
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
local
low complexity
netty debian quarkus oracle netapp CWE-379
5.5
2021-02-06 CVE-2021-20176 A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c.
local
low complexity
imagemagick debian
5.5