Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-08-16 CVE-2021-21861 Incorrect Conversion between Numeric Types vulnerability in multiple products
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1.
network
gpac debian CWE-681
6.8
2021-08-16 CVE-2021-22939 Improper Certificate Validation vulnerability in multiple products
If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
network
low complexity
nodejs oracle netapp siemens debian CWE-295
5.3
2021-08-13 CVE-2021-37695 Cross-site Scripting vulnerability in multiple products
ckeditor is an open source WYSIWYG HTML editor with rich content support.
network
low complexity
ckeditor debian fedoraproject oracle CWE-79
5.4
2021-08-10 CVE-2020-21675 Out-of-bounds Write vulnerability in multiple products
A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format.
local
low complexity
fig2dev-project debian CWE-787
5.5
2021-08-10 CVE-2020-21676 Out-of-bounds Write vulnerability in multiple products
A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.
local
low complexity
fig2dev-project debian CWE-787
5.5
2021-08-10 CVE-2020-21688 Use After Free vulnerability in multiple products
A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.
6.8
2021-08-10 CVE-2020-21697 Use After Free vulnerability in multiple products
A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file.
4.3
2021-08-09 CVE-2021-37620 Out-of-bounds Read vulnerability in multiple products
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
local
low complexity
exiv2 fedoraproject debian CWE-125
5.5
2021-08-09 CVE-2021-37621 Infinite Loop vulnerability in multiple products
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
local
low complexity
exiv2 fedoraproject debian CWE-835
5.5
2021-08-09 CVE-2021-37622 Infinite Loop vulnerability in multiple products
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
local
low complexity
exiv2 fedoraproject debian CWE-835
5.5