Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-01-05 CVE-2020-36158 Classic Buffer Overflow vulnerability in multiple products
mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.
local
low complexity
linux fedoraproject debian netapp CWE-120
6.7
2021-01-04 CVE-2019-25013 Out-of-bounds Read vulnerability in multiple products
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
network
high complexity
gnu fedoraproject netapp broadcom debian CWE-125
5.9
2021-01-04 CVE-2020-24386 An issue was discovered in Dovecot before 2.3.13.
network
high complexity
dovecot debian fedoraproject
6.8
2020-12-30 CVE-2019-15523 Unchecked Return Value vulnerability in multiple products
An issue was discovered in LINBIT csync2 through 2.0.
network
low complexity
linbit debian CWE-252
5.3
2020-12-30 CVE-2020-26247 XXE vulnerability in multiple products
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support.
network
low complexity
nokogiri debian CWE-611
4.3
2020-12-28 CVE-2020-35730 Cross-site Scripting vulnerability in multiple products
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10.
network
low complexity
roundcube fedoraproject debian CWE-79
6.1
2020-12-28 CVE-2020-35738 Integer Overflow or Wraparound vulnerability in multiple products
WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument.
local
low complexity
wavpack debian fedoraproject CWE-190
6.1
2020-12-18 CVE-2020-35480 Information Exposure Through Discrepancy vulnerability in multiple products
An issue was discovered in MediaWiki before 1.35.1.
network
low complexity
mediawiki debian fedoraproject CWE-203
5.3
2020-12-18 CVE-2020-35479 Cross-site Scripting vulnerability in multiple products
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php.
network
low complexity
mediawiki debian fedoraproject CWE-79
6.1
2020-12-18 CVE-2020-35477 Always-Incorrect Control Flow Implementation vulnerability in multiple products
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations.
network
low complexity
mediawiki debian fedoraproject CWE-670
5.3