Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-08-27 CVE-2021-28699 inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status.
local
low complexity
xen fedoraproject debian
5.5
2021-08-27 CVE-2021-28700 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen.
network
low complexity
xen fedoraproject debian CWE-770
4.9
2021-08-27 CVE-2020-23226 Cross-site Scripting vulnerability in multiple products
Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php.
network
low complexity
cacti debian CWE-79
6.1
2021-08-25 CVE-2021-3605 There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5.
local
low complexity
openexr redhat debian
5.5
2021-08-24 CVE-2021-30887 A logic issue was addressed with improved restrictions.
network
low complexity
apple fedoraproject debian
6.5
2021-08-24 CVE-2021-30890 Cross-site Scripting vulnerability in multiple products
A logic issue was addressed with improved state management.
network
low complexity
apple fedoraproject debian CWE-79
6.1
2021-08-23 CVE-2021-39140 XStream is a simple library to serialize objects to XML and back again. 6.3
2021-08-23 CVE-2021-3731 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'.
network
low complexity
ledgersmb debian CWE-1021
4.7
2021-08-23 CVE-2021-37750 NULL Pointer Dereference vulnerability in multiple products
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
6.5
2021-08-22 CVE-2021-39365 Improper Certificate Validation vulnerability in multiple products
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks.
network
high complexity
gnome debian CWE-295
5.9