Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-06-28 CVE-2021-33515 Command Injection vulnerability in multiple products
The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp.
network
high complexity
dovecot fedoraproject debian CWE-77
4.8
2021-06-24 CVE-2021-32492 Out-of-bounds Read vulnerability in multiple products
A flaw was found in djvulibre-3.5.28 and earlier.
6.8
2021-06-24 CVE-2021-3500 Out-of-bounds Write vulnerability in multiple products
A flaw was found in djvulibre-3.5.28 and earlier.
6.8
2021-06-23 CVE-2021-33624 Type Confusion vulnerability in multiple products
In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.
local
high complexity
linux debian CWE-843
4.7
2021-06-22 CVE-2021-0561 Out-of-bounds Write vulnerability in multiple products
In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check.
local
low complexity
google fedoraproject debian CWE-787
5.5
2021-06-14 CVE-2021-34693 Missing Initialization of Resource vulnerability in multiple products
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
local
low complexity
linux debian CWE-909
5.5
2021-06-11 CVE-2021-22895 Improper Certificate Validation vulnerability in multiple products
Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow.
4.3
2021-06-10 CVE-2020-25467 NULL Pointer Dereference vulnerability in multiple products
A null pointer dereference was discovered lzo_decompress_buf in stream.c in Irzip 0.621 which allows an attacker to cause a denial of service (DOS) via a crafted compressed file.
4.3
2021-06-10 CVE-2021-27345 NULL Pointer Dereference vulnerability in multiple products
A null pointer dereference was discovered in ucompthread in stream.c in Irzip 0.631 which allows attackers to cause a denial of service (DOS) via a crafted compressed file.
4.3
2021-06-10 CVE-2021-27347 Use After Free vulnerability in multiple products
Use after free in lzma_decompress_buf function in stream.c in Irzip 0.631 allows attackers to cause Denial of Service (DoS) via a crafted compressed file.
4.3