Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-05 CVE-2021-28038 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV.
local
low complexity
linux debian netapp CWE-770
6.5
2021-02-27 CVE-2021-25284 Insufficiently Protected Credentials vulnerability in multiple products
An issue was discovered in through SaltStack Salt before 3002.5.
local
low complexity
saltstack fedoraproject debian CWE-522
4.4
2021-02-27 CVE-2020-28972 Improper Certificate Validation vulnerability in multiple products
In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.
network
high complexity
saltstack fedoraproject debian CWE-295
5.9
2021-02-26 CVE-2020-27618 Infinite Loop vulnerability in multiple products
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.
local
low complexity
gnu netapp oracle debian CWE-835
5.5
2021-02-26 CVE-2020-27223 Resource Exhaustion vulnerability in multiple products
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e.
network
low complexity
eclipse apache netapp debian oracle CWE-400
5.3
2021-02-26 CVE-2021-21330 aiohttp is an asynchronous HTTP client/server framework for asyncio and Python.
network
low complexity
aiohttp debian fedoraproject
6.1
2021-02-26 CVE-2021-23973 Information Exposure Through an Error Message vulnerability in multiple products
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource.
network
low complexity
mozilla debian CWE-209
6.5
2021-02-26 CVE-2021-23969 As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects.
network
low complexity
mozilla debian
4.3
2021-02-26 CVE-2021-23968 Information Exposure Through an Error Message vulnerability in multiple products
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI.
network
low complexity
mozilla debian CWE-209
4.3
2021-02-23 CVE-2021-3407 A flaw was found in mupdf 1.18.0.
local
low complexity
artifex fedoraproject debian
5.5