Vulnerabilities > Debian > Debian Linux > Low

DATE CVE VULNERABILITY TITLE RISK
2020-06-18 CVE-2019-13033 Information Exposure vulnerability in multiple products
In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed.
local
low complexity
cisofy debian fedoraproject CWE-200
3.3
2020-06-12 CVE-2020-4049 In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page.
network
low complexity
wordpress fedoraproject debian
2.4
2020-06-12 CVE-2020-4050 In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved.
network
high complexity
wordpress fedoraproject debian
3.1
2020-06-02 CVE-2020-13659 NULL Pointer Dereference vulnerability in multiple products
address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.
local
high complexity
qemu debian opensuse canonical CWE-476
2.5
2020-05-29 CVE-2020-11040 In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds data read from memory in clear_decompress_subcode_rlex, visualized on screen as color.
network
low complexity
freerdp opensuse debian
2.7
2020-05-29 CVE-2020-11043 In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset.
network
low complexity
freerdp opensuse debian
2.7
2020-05-29 CVE-2020-11085 In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list.
network
low complexity
freerdp opensuse debian
3.5
2020-05-29 CVE-2020-11041 In FreeRDP less than or equal to 2.0.0, an externally controlled array index is used unchecked for data used as configuration for the sound backend (alsa, oss, pulse, ...).
network
low complexity
freerdp opensuse debian
2.7
2020-05-28 CVE-2020-13362 Out-of-bounds Read vulnerability in multiple products
In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.
local
low complexity
qemu debian opensuse canonical CWE-125
3.2
2020-05-28 CVE-2020-13361 Out-of-bounds Write vulnerability in multiple products
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.
local
high complexity
qemu debian opensuse canonical CWE-787
3.9