Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-26 CVE-2021-29264 An issue was discovered in the Linux kernel through 5.11.10.
local
linux debian
4.7
2021-03-25 CVE-2021-3449 NULL Pointer Dereference vulnerability in multiple products
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client.
5.9
2021-03-23 CVE-2021-3409 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code.
local
low complexity
qemu redhat fedoraproject debian CWE-119
5.7
2021-03-23 CVE-2021-3444 Incorrect Conversion between Numeric Types vulnerability in multiple products
The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0.
local
low complexity
linux debian canonical CWE-681
4.6
2021-03-23 CVE-2021-20270 Infinite Loop vulnerability in multiple products
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
network
low complexity
pygments redhat fedoraproject debian CWE-835
5.0
2021-03-22 CVE-2021-28971 Improper Handling of Exceptional Conditions vulnerability in multiple products
In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.
local
low complexity
linux fedoraproject debian netapp CWE-755
5.5
2021-03-22 CVE-2021-28964 Race Condition vulnerability in multiple products
A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8.
local
high complexity
linux fedoraproject debian netapp CWE-362
4.7
2021-03-22 CVE-2021-28963 Injection vulnerability in multiple products
Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.
network
low complexity
shibboleth debian CWE-74
5.3
2021-03-21 CVE-2021-28957 Cross-site Scripting vulnerability in multiple products
An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3.
network
low complexity
lxml debian fedoraproject netapp oracle CWE-79
6.1
2021-03-20 CVE-2020-27171 Off-by-one Error vulnerability in multiple products
An issue was discovered in the Linux kernel before 5.11.8.
local
low complexity
linux fedoraproject debian canonical CWE-193
6.0