Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-06-09 CVE-2021-33829 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.
network
low complexity
ckeditor fedoraproject drupal debian CWE-79
6.1
6.1
2021-06-09 CVE-2021-28169 For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory.
network
low complexity
eclipse debian oracle netapp
5.3
5.3
2021-06-08 CVE-2021-23215 An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1.
local
low complexity
openexr fedoraproject debian
5.5
5.5
2021-06-08 CVE-2021-26260 An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1.
local
low complexity
openexr fedoraproject debian
5.5
5.5
2021-06-08 CVE-2021-3564 A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device.
local
low complexity
linux fedoraproject debian
5.5
5.5
2021-06-02 CVE-2020-22054 Memory Leak vulnerability in multiple products
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c.
network
low complexity
ffmpeg debian CWE-401
6.5
6.5
2021-06-02 CVE-2020-22046 Memory Leak vulnerability in multiple products
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c.
network
low complexity
ffmpeg debian CWE-401
6.5
6.5
2021-06-02 CVE-2020-22048 Memory Leak vulnerability in multiple products
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c.
network
low complexity
ffmpeg debian CWE-401
6.5
6.5
2021-06-02 CVE-2020-22049 Memory Leak vulnerability in multiple products
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.
network
low complexity
ffmpeg debian CWE-401
6.5
6.5
2021-06-02 CVE-2021-3468 Infinite Loop vulnerability in multiple products
A flaw was found in avahi in versions 0.6 up to 0.8.
local
low complexity
avahi debian CWE-835
5.5
5.5