Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-10 | CVE-2020-13920 | Missing Authentication for Critical Function vulnerability in multiple products Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. | 5.9 |
| 2020-09-09 | CVE-2020-25211 | Classic Buffer Overflow vulnerability in multiple products In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff. | 6.0 |
| 2020-09-08 | CVE-2020-3702 | Cleartext Transmission of Sensitive Information vulnerability in multiple products u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 | 6.5 |
| 2020-09-04 | CVE-2020-24977 | Out-of-bounds Read vulnerability in multiple products GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. | 6.5 |
| 2020-09-02 | CVE-2020-15811 | Incorrect Comparison vulnerability in multiple products An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. | 6.5 |
| 2020-09-02 | CVE-2020-15810 | HTTP Request Smuggling vulnerability in multiple products An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. | 6.5 |
| 2020-09-02 | CVE-2020-16150 | Information Exposure Through Discrepancy vulnerability in multiple products A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. | 5.5 |
| 2020-08-31 | CVE-2020-14364 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. | 5.0 |
| 2020-08-30 | CVE-2020-8244 | Out-of-bounds Read vulnerability in multiple products A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls. | 6.5 |
| 2020-08-21 | CVE-2020-8624 | Improper Privilege Management vulnerability in multiple products In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. | 4.3 |