Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-04-20 CVE-2021-29155 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.11.x.
local
low complexity
linux fedoraproject debian CWE-125
5.5
2021-04-19 CVE-2021-29458 Out-of-bounds Read vulnerability in multiple products
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
local
low complexity
exiv2 fedoraproject debian CWE-125
5.5
2021-04-16 CVE-2021-31348 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in libezxml.a in ezXML 0.8.6.
4.3
2021-04-16 CVE-2021-31347 XML Injection (aka Blind XPath Injection) vulnerability in multiple products
An issue was discovered in libezxml.a in ezXML 0.8.6.
4.3
2021-04-15 CVE-2021-29450 Information Exposure vulnerability in multiple products
Wordpress is an open source CMS.
network
low complexity
wordpress debian CWE-200
4.0
2021-04-15 CVE-2021-29447 XXE vulnerability in multiple products
Wordpress is an open source CMS.
network
low complexity
wordpress debian CWE-611
6.5
2021-04-15 CVE-2021-31229 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in libezxml.a in ezXML 0.8.6.
4.3
2021-04-14 CVE-2021-29338 Integer Overflow or Wraparound vulnerability in multiple products
Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS).
local
low complexity
uclouvain fedoraproject debian CWE-190
5.5
2021-04-14 CVE-2020-36322 Incomplete Cleanup vulnerability in multiple products
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf.
local
low complexity
linux debian starwindsoftware CWE-459
5.5
2021-04-13 CVE-2021-29425 Path Traversal vulnerability in multiple products
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
network
high complexity
apache debian oracle netapp CWE-22
4.8