Vulnerabilities > Debian > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2021-08-25 | CVE-2021-21849 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. | network; gpac debian CWE-119 | 6.8 |
| 2021-08-25 | CVE-2021-21850 | Integer Overflow or Wraparound vulnerability in multiple products | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. | network; gpac debian CWE-190 | 6.8 |
| 2021-08-25 | CVE-2021-3605 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. | local; low complexity; openexr redhat debian CWE-119 | 5.5 |
| 2021-08-24 | CVE-2021-30887 | | A logic issue was addressed with improved restrictions. | network; low complexity; apple fedoraproject debian | 6.5 |
| 2021-08-24 | CVE-2021-30890 | Cross-site Scripting vulnerability in multiple products | A logic issue was addressed with improved state management. | network; low complexity; apple fedoraproject debian CWE-79 | 6.1 |
| 2021-08-23 | CVE-2021-39140 | Infinite Loop vulnerability in multiple products | XStream is a simple library to serialize objects to XML and back again. | | 6.3 |
| 2021-08-23 | CVE-2021-3693 | Cross-site Scripting vulnerability in multiple products | LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. | | 6.8 |
| 2021-08-23 | CVE-2021-3694 | Cross-site Scripting vulnerability in multiple products | LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. | | 6.8 |
| 2021-08-23 | CVE-2021-3731 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products | LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. | | 4.3 |
| 2021-08-23 | CVE-2021-37750 | NULL Pointer Dereference vulnerability in multiple products | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. | | 6.5 |