Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-07-21 CVE-2021-2388 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).
network
high complexity
oracle debian
5.1
2021-07-20 CVE-2021-33910 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
5.5
2021-07-19 CVE-2020-36421 Information Exposure Through Discrepancy vulnerability in multiple products
An issue was discovered in Arm Mbed TLS before 2.23.0.
network
low complexity
arm debian CWE-203
5.3
2021-07-19 CVE-2020-36422 Information Exposure Through Discrepancy vulnerability in multiple products
An issue was discovered in Arm Mbed TLS before 2.23.0.
network
low complexity
arm debian CWE-203
5.3
2021-07-19 CVE-2020-36424 Information Exposure Through Discrepancy vulnerability in multiple products
An issue was discovered in Arm Mbed TLS before 2.24.0.
local
high complexity
arm debian CWE-203
4.7
2021-07-19 CVE-2020-36425 Improper Certificate Validation vulnerability in multiple products
An issue was discovered in Arm Mbed TLS before 2.24.0.
network
low complexity
arm debian CWE-295
5.3
2021-07-15 CVE-2021-32743 Exposure of Sensitive Data Through Data Queries vulnerability in multiple products
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting.
network
low complexity
icinga debian CWE-202
6.5
2021-07-15 CVE-2021-32739 Privilege Defined With Unsafe Actions vulnerability in multiple products
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting.
network
low complexity
icinga debian CWE-267
6.5
2021-07-14 CVE-2021-36740 HTTP Request Smuggling vulnerability in multiple products
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request.
6.5
2021-07-14 CVE-2021-24119 Information Exposure Through Discrepancy vulnerability in multiple products
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
network
low complexity
arm fedoraproject debian CWE-203
4.9