Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-07-29 CVE-2020-16135 NULL Pointer Dereference vulnerability in multiple products
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.
5.9
2020-07-29 CVE-2020-16117 NULL Pointer Dereference vulnerability in multiple products
In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt.
network
high complexity
gnome debian CWE-476
5.9
2020-07-29 CVE-2020-15707 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow.
6.4
2020-07-29 CVE-2020-15706 Use After Free vulnerability in multiple products
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass.
6.4
2020-07-29 CVE-2020-15705 Improper Verification of Cryptographic Signature vulnerability in multiple products
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed.
6.4
2020-07-28 CVE-2020-15863 Out-of-bounds Write vulnerability in multiple products
hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow.
local
high complexity
qemu debian canonical CWE-787
5.3
2020-07-27 CVE-2020-15954 Cleartext Transmission of Sensitive Information vulnerability in multiple products
KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.
network
low complexity
kde debian CWE-319
6.5
2020-07-22 CVE-2020-6536 Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted PWA.
network
low complexity
google debian opensuse fedoraproject
4.3
2020-07-22 CVE-2020-6535 Cross-site Scripting vulnerability in multiple products
Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page.
network
low complexity
google opensuse debian fedoraproject CWE-79
6.1
2020-07-22 CVE-2020-6531 Information Exposure Through Discrepancy vulnerability in multiple products
Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-203
4.3