Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-01-19 CVE-2021-3178 Path Traversal vulnerability in multiple products
fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS.
network
low complexity
linux fedoraproject debian CWE-22
6.5
2021-01-14 CVE-2021-24122 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations.
network
high complexity
apache debian oracle CWE-706
5.9
2021-01-11 CVE-2021-0308 Out-of-bounds Write vulnerability in multiple products
In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check.
low complexity
google debian CWE-787
6.8
2021-01-11 CVE-2020-26298 Redcarpet is a Ruby library for Markdown processing.
network
low complexity
redcarpet-project debian
5.4
2021-01-07 CVE-2020-26976 When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing.
network
low complexity
mozilla debian
6.5
2021-01-06 CVE-2020-8287 HTTP Request Smuggling vulnerability in multiple products
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields).
network
low complexity
nodejs debian fedoraproject oracle siemens CWE-444
6.5
2021-01-05 CVE-2020-27845 There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0.
local
low complexity
uclouvain fedoraproject debian oracle
5.5
2021-01-05 CVE-2020-27843 Out-of-bounds Read vulnerability in multiple products
A flaw was found in OpenJPEG in versions prior to 2.4.0.
5.5
2021-01-05 CVE-2020-27842 There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0.
local
low complexity
uclouvain fedoraproject debian redhat oracle
5.5
2021-01-05 CVE-2020-27841 There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c.
local
low complexity
uclouvain fedoraproject debian oracle
5.5