Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-08-31 CVE-2021-3634 Out-of-bounds Write vulnerability in multiple products
A flaw has been found in libssh in versions prior to 0.9.6.
6.5
2021-08-27 CVE-2021-28694 IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered.
low complexity
xen fedoraproject debian
6.8
2021-08-27 CVE-2021-28695 IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered.
low complexity
xen fedoraproject debian
6.8
2021-08-27 CVE-2021-28696 Incorrect Authorization vulnerability in multiple products
IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered.
low complexity
xen fedoraproject debian CWE-863
6.8
2021-08-27 CVE-2021-28698 Infinite Loop vulnerability in multiple products
long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains.
local
low complexity
xen fedoraproject debian CWE-835
5.5
2021-08-27 CVE-2021-28699 inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status.
local
low complexity
xen fedoraproject debian
5.5
2021-08-27 CVE-2021-28700 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen.
network
low complexity
xen fedoraproject debian CWE-770
4.9
2021-08-27 CVE-2020-23226 Cross-site Scripting vulnerability in multiple products
Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php.
network
low complexity
cacti debian CWE-79
6.1
2021-08-25 CVE-2021-3605 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5.
local
low complexity
openexr redhat debian CWE-119
5.5
2021-08-24 CVE-2021-30887 A logic issue was addressed with improved restrictions.
network
low complexity
apple fedoraproject debian
6.5