Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-08-09 CVE-2021-32815 Reachable Assertion vulnerability in multiple products
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
local
low complexity
exiv2 fedoraproject debian CWE-617
5.5
2021-08-09 CVE-2021-34334 Infinite Loop vulnerability in multiple products
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
local
low complexity
exiv2 fedoraproject debian CWE-835
5.5
2021-08-08 CVE-2021-38204 Use After Free vulnerability in multiple products
drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.
local
low complexity
linux debian CWE-416
4.6
2021-08-08 CVE-2021-36221 Race Condition vulnerability in multiple products
Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.
network
high complexity
golang fedoraproject debian oracle siemens CWE-362
5.9
2021-08-07 CVE-2021-38165 Insufficiently Protected Credentials vulnerability in multiple products
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.
network
high complexity
lynx-project debian fedoraproject CWE-522
5.3
2021-08-05 CVE-2021-3566 Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it.
local
low complexity
ffmpeg debian
5.5
2021-08-05 CVE-2021-3679 Infinite Loop vulnerability in multiple products
A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way.
local
low complexity
linux redhat debian CWE-835
5.5
2021-08-04 CVE-2021-38114 Unchecked Return Value vulnerability in multiple products
libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.
local
low complexity
ffmpeg debian CWE-252
5.5
2021-08-02 CVE-2021-34556 Information Exposure Through Discrepancy vulnerability in multiple products
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.
local
low complexity
linux fedoraproject debian CWE-203
5.5
2021-08-02 CVE-2021-35477 Information Exposure Through Discrepancy vulnerability in multiple products
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.
local
low complexity
linux debian fedoraproject CWE-203
5.5