Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-25 | CVE-2021-21849 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. | 6.8 |
| 2021-08-25 | CVE-2021-21850 | Integer Overflow or Wraparound vulnerability in multiple products An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. | 6.8 |
| 2021-08-25 | CVE-2021-3605 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. | 5.5 |
| 2021-08-24 | CVE-2021-30887 | A logic issue was addressed with improved restrictions. | 6.5 |
| 2021-08-24 | CVE-2021-30890 | Cross-site Scripting vulnerability in multiple products A logic issue was addressed with improved state management. | 6.1 |
| 2021-08-23 | CVE-2021-39140 | Infinite Loop vulnerability in multiple products XStream is a simple library to serialize objects to XML and back again. | 6.3 |
| 2021-08-23 | CVE-2021-3693 | Cross-site Scripting vulnerability in multiple products LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. | 6.8 |
| 2021-08-23 | CVE-2021-3694 | Cross-site Scripting vulnerability in multiple products LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. | 6.8 |
| 2021-08-23 | CVE-2021-3731 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. | 4.3 |
| 2021-08-23 | CVE-2021-37750 | NULL Pointer Dereference vulnerability in multiple products The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. | 6.5 |