Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-09-05 CVE-2021-40516 Out-of-bounds Read vulnerability in multiple products
WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that trigger an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin.
network
low complexity
weechat debian CWE-125
5.0
2021-09-03 CVE-2021-39191 Open Redirect vulnerability in multiple products
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider.
network
low complexity
openidc fedoraproject debian CWE-601
6.1
2021-09-03 CVE-2021-40491 Insufficient Verification of Data Authenticity vulnerability in multiple products
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address.
network
low complexity
gnu debian CWE-345
6.5
2021-09-01 CVE-2021-36056 Heap-based Buffer Overflow vulnerability in multiple products
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user.
local
low complexity
adobe debian CWE-122
5.5
2021-09-01 CVE-2021-36058 Integer Overflow or Wraparound vulnerability in multiple products
XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer Overflow vulnerability potentially resulting in application-level denial of service in the context of the current user.
local
low complexity
adobe debian CWE-190
5.5
2021-08-31 CVE-2021-40085 An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1.
network
low complexity
openstack debian
4.0
2021-08-31 CVE-2021-3634 Out-of-bounds Write vulnerability in multiple products
A flaw has been found in libssh in versions prior to 0.9.6.
6.5
2021-08-27 CVE-2021-28694 IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered.
low complexity
xen fedoraproject debian
6.8
2021-08-27 CVE-2021-28695 IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered.
low complexity
xen fedoraproject debian
6.8
2021-08-27 CVE-2021-28696 Incorrect Authorization vulnerability in multiple products
IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered.
low complexity
xen fedoraproject debian CWE-863
6.8