Debian: >> Debian Linux >> 11.0 Security Vulnerabilities
Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring.
CVSS Score
9.8
EPSS Score
0.788
Published
2021-02-22
Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.
CVSS Score
6.3
EPSS Score
0.001
Published
2021-01-14
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.
CVSS Score
6.1
EPSS Score
0.008
Published
2020-09-30
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVSS Score
3.7
EPSS Score
0.002
Published
2020-07-15
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
CVSS Score
7.7
EPSS Score
0.025
Published
2020-06-04
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
CVSS Score
3.7
EPSS Score
0.0
Published
2020-04-27
Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-01-28
An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-12-03
A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates.
CVSS Score
5.3
EPSS Score
0.001
Published
2019-12-03
A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.
CVSS Score
7.5
EPSS Score
0.037
Published
2019-11-25