Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-05-11 CVE-2020-26139 Improper Authentication vulnerability in multiple products
An issue was discovered in the kernel in NetBSD 7.1.
5.3
2021-05-11 CVE-2020-26147 An issue was discovered in the Linux kernel 5.8.9.
high complexity
linux debian arista siemens
5.4
2021-05-06 CVE-2021-31916 An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12.
local
low complexity
linux redhat debian
6.7
2021-05-06 CVE-2021-31829 Incorrect Authorization vulnerability in multiple products
kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a.
local
low complexity
linux fedoraproject debian CWE-863
5.5
2021-05-06 CVE-2021-3507 A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including).
local
low complexity
qemu debian redhat
6.1
2021-05-05 CVE-2021-20254 A flaw was found in samba.
network
high complexity
samba fedoraproject redhat debian
6.8
2021-04-30 CVE-2021-21229 Origin Validation Error vulnerability in multiple products
Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-346
6.5
2021-04-30 CVE-2021-21228 Incorrect Authorization vulnerability in multiple products
Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
network
low complexity
google debian fedoraproject CWE-863
4.3
2021-04-29 CVE-2021-21417 Use After Free vulnerability in multiple products
fluidsynth is a software synthesizer based on the SoundFont 2 specifications.
local
low complexity
fluidsynth debian CWE-416
5.5
2021-04-29 CVE-2021-25214 Reachable Assertion vulnerability in multiple products
In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.
network
low complexity
isc debian fedoraproject siemens netapp CWE-617
6.5