Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-23 CVE-2021-3409 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code.
local
low complexity
qemu redhat fedoraproject debian CWE-119
5.7
2021-03-22 CVE-2021-28971 Improper Handling of Exceptional Conditions vulnerability in multiple products
In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.
local
low complexity
linux fedoraproject debian netapp CWE-755
5.5
2021-03-22 CVE-2021-28964 Race Condition vulnerability in multiple products
A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8.
local
high complexity
linux fedoraproject debian netapp CWE-362
4.7
2021-03-22 CVE-2021-28963 Injection vulnerability in multiple products
Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.
network
low complexity
shibboleth debian CWE-74
5.3
2021-03-21 CVE-2021-28957 Cross-site Scripting vulnerability in multiple products
An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3.
network
low complexity
lxml debian fedoraproject netapp oracle CWE-79
6.1
2021-03-20 CVE-2020-27171 Off-by-one Error vulnerability in multiple products
An issue was discovered in the Linux kernel before 5.11.8.
local
low complexity
linux fedoraproject debian canonical CWE-193
6.0
2021-03-20 CVE-2020-27170 Information Exposure Through Discrepancy vulnerability in multiple products
An issue was discovered in the Linux kernel before 5.11.8.
local
high complexity
linux fedoraproject canonical debian CWE-203
4.7
2021-03-20 CVE-2021-28950 Excessive Iteration vulnerability in multiple products
An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8.
local
low complexity
linux fedoraproject debian CWE-834
5.5
2021-03-18 CVE-2021-3416 A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0.
local
low complexity
qemu fedoraproject redhat debian
6.0
2021-03-12 CVE-2021-21366 xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module.
network
low complexity
xmldom-project debian
4.3