Vulnerabilities > Debian > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-28 | CVE-2021-33515 | Command Injection vulnerability in multiple products The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. | 4.8 |
2021-06-24 | CVE-2021-32492 | Out-of-bounds Read vulnerability in multiple products A flaw was found in djvulibre-3.5.28 and earlier. | 6.8 |
2021-06-24 | CVE-2021-3500 | Out-of-bounds Write vulnerability in multiple products A flaw was found in djvulibre-3.5.28 and earlier. | 6.8 |
2021-06-23 | CVE-2021-33624 | Type Confusion vulnerability in multiple products In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db. | 4.7 |
2021-06-22 | CVE-2021-0561 | Out-of-bounds Write vulnerability in multiple products In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. | 5.5 |
2021-06-14 | CVE-2021-34693 | Missing Initialization of Resource vulnerability in multiple products net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. | 5.5 |
2021-06-11 | CVE-2021-22895 | Improper Certificate Validation vulnerability in multiple products Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow. | 4.3 |
2021-06-10 | CVE-2020-25467 | NULL Pointer Dereference vulnerability in multiple products A null pointer dereference was discovered lzo_decompress_buf in stream.c in Irzip 0.621 which allows an attacker to cause a denial of service (DOS) via a crafted compressed file. | 4.3 |
2021-06-10 | CVE-2021-27345 | NULL Pointer Dereference vulnerability in multiple products A null pointer dereference was discovered in ucompthread in stream.c in Irzip 0.631 which allows attackers to cause a denial of service (DOS) via a crafted compressed file. | 4.3 |
2021-06-10 | CVE-2021-27347 | Use After Free vulnerability in multiple products Use after free in lzma_decompress_buf function in stream.c in Irzip 0.631 allows attackers to cause Denial of Service (DoS) via a crafted compressed file. | 4.3 |