Vulnerabilities > Debian > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-10 | CVE-2021-30641 | Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' | 5.3 |
2021-06-09 | CVE-2020-24489 | Incomplete Cleanup vulnerability in multiple products Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2021-06-09 | CVE-2021-0089 | Information Exposure Through Discrepancy vulnerability in multiple products Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | 6.5 |
2021-06-09 | CVE-2021-0129 | Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. | 5.7 |
2021-06-09 | CVE-2021-33829 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled. | 6.1 |
2021-06-09 | CVE-2021-28169 | For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. | 5.3 |
2021-06-08 | CVE-2021-23215 | Resource Exhaustion vulnerability in multiple products An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. | 5.5 |
2021-06-08 | CVE-2021-26260 | Resource Exhaustion vulnerability in multiple products An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. | 5.5 |
2021-06-08 | CVE-2021-3564 | Double Free vulnerability in multiple products A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. | 5.5 |
2021-06-07 | CVE-2021-22222 | Infinite Loop vulnerability in multiple products Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file | 5.0 |