Vulnerabilities > Debian > Debian Linux > Low

DATE CVE VULNERABILITY TITLE RISK
2020-09-09 CVE-2020-1968 Information Exposure Through Discrepancy vulnerability in multiple products
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite.
network
high complexity
openssl canonical debian oracle fujitsu CWE-203
3.7
2020-09-02 CVE-2020-24654 Link Following vulnerability in multiple products
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
3.3
2020-08-31 CVE-2020-12829 Integer Overflow or Wraparound vulnerability in multiple products
In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation.
local
low complexity
qemu canonical debian CWE-190
3.8
2020-08-11 CVE-2020-16092 Reachable Assertion vulnerability in multiple products
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing.
local
low complexity
qemu debian canonical opensuse CWE-617
3.8
2020-08-03 CVE-2020-16116 Path Traversal vulnerability in multiple products
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.
3.3
2020-07-30 CVE-2020-16166 Use of Insufficiently Random Values vulnerability in multiple products
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c.
3.7
2020-07-27 CVE-2020-15103 Integer Overflow to Buffer Overflow vulnerability in multiple products
In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel.
3.5
2020-07-21 CVE-2020-15859 Use After Free vulnerability in multiple products
QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.
local
low complexity
qemu debian CWE-416
3.3
2020-07-15 CVE-2020-14573 Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). 3.7
2020-07-15 CVE-2020-14577 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). 3.7