Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-13 | CVE-2020-19716 | Classic Buffer Overflow vulnerability in multiple products A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS). | 6.5 |
| 2021-07-13 | CVE-2021-31810 | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. | 5.8 |
| 2021-07-12 | CVE-2021-30640 | Improper Encoding or Escaping of Output vulnerability in multiple products A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. | 6.5 |
| 2021-07-12 | CVE-2021-33037 | HTTP Request Smuggling vulnerability in multiple products Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. | 5.3 |
| 2021-07-06 | CVE-2021-3598 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. | 5.5 |
| 2021-06-30 | CVE-2021-3630 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. | 5.5 |
| 2021-06-30 | CVE-2021-32566 | Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. | 5.0 |
| 2021-06-30 | CVE-2021-32567 | Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. | 5.0 |
| 2021-06-29 | CVE-2021-27577 | HTTP Request Smuggling vulnerability in multiple products Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. | 5.0 |
| 2021-06-29 | CVE-2021-32565 | HTTP Request Smuggling vulnerability in multiple products Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. | 5.0 |