Vulnerabilities > Debian > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-27 | CVE-2021-28699 | inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. | 5.5 |
2021-08-27 | CVE-2021-28700 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. | 4.9 |
2021-08-27 | CVE-2020-23226 | Cross-site Scripting vulnerability in multiple products Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php. | 6.1 |
2021-08-25 | CVE-2021-3605 | There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. | 5.5 |
2021-08-24 | CVE-2021-30887 | A logic issue was addressed with improved restrictions. | 6.5 |
2021-08-24 | CVE-2021-30890 | Cross-site Scripting vulnerability in multiple products A logic issue was addressed with improved state management. | 6.1 |
2021-08-23 | CVE-2021-39140 | XStream is a simple library to serialize objects to XML and back again. | 6.3 |
2021-08-23 | CVE-2021-3731 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. | 4.7 |
2021-08-23 | CVE-2021-37750 | NULL Pointer Dereference vulnerability in multiple products The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. | 6.5 |
2021-08-22 | CVE-2021-39365 | Improper Certificate Validation vulnerability in multiple products In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. | 5.9 |