Vulnerabilities > Debian > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-18 | CVE-2020-28473 | HTTP Request Smuggling vulnerability in multiple products The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. | 5.8 |
2021-01-14 | CVE-2021-24122 | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. | 5.9 |
2021-01-11 | CVE-2020-26298 | Injection vulnerability in multiple products Redcarpet is a Ruby library for Markdown processing. | 5.4 |
2021-01-07 | CVE-2020-26976 | When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. | 4.3 |
2021-01-06 | CVE-2020-8287 | HTTP Request Smuggling vulnerability in multiple products Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). | 6.5 |
2021-01-05 | CVE-2020-27845 | Out-of-bounds Read vulnerability in multiple products There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. | 5.5 |
2021-01-05 | CVE-2020-27843 | Out-of-bounds Read vulnerability in multiple products A flaw was found in OpenJPEG in versions prior to 2.4.0. | 5.5 |
2021-01-05 | CVE-2020-27842 | Out-of-bounds Read vulnerability in multiple products There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. | 5.5 |
2021-01-05 | CVE-2020-27841 | Heap-based Buffer Overflow vulnerability in multiple products There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. | 5.5 |
2021-01-05 | CVE-2020-36158 | Classic Buffer Overflow vulnerability in multiple products mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332. | 6.7 |