Vulnerabilities > Debian > Debian Linux > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-12 | CVE-2020-25706 | Cross-site Scripting vulnerability in multiple products. A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to improper escaping of error message during template import preview in the xml_path field | 6.1 |
2020-11-10 | CVE-2020-28368 | Missing Authorization vulnerability in multiple products. Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. | 4.4 |
2020-11-06 | CVE-2020-27617 | Reachable Assertion vulnerability in multiple products. eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. | 4.0 |
2020-11-06 | CVE-2020-17490 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products. The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions. | 5.5 |
2020-11-06 | CVE-2020-28242 | Uncontrolled Recursion vulnerability in multiple products. An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. | 6.5 |
2020-11-06 | CVE-2020-28241 | Out-of-bounds Read vulnerability in multiple products. libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c. | 6.5 |
2020-11-04 | CVE-2020-28049 | Race Condition vulnerability in multiple products. An issue was discovered in SDDM before 0.19.0. | 6.3 |
2020-11-03 | CVE-2020-6557 | Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 6.5 |
2020-11-03 | CVE-2020-16011 | Out-of-bounds Write vulnerability in multiple products. Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 6.8 |
2020-11-03 | CVE-2020-16007 | Improper Input Validation vulnerability in multiple products. Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. | 4.6 |