Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-02 | CVE-2020-28040 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. | 4.3 |
| 2020-11-02 | CVE-2020-28038 | Cross-site Scripting vulnerability in multiple products WordPress before 5.5.2 allows stored XSS via post slugs. | 6.1 |
| 2020-11-02 | CVE-2020-28034 | Cross-site Scripting vulnerability in multiple products WordPress before 5.5.2 allows XSS associated with global variables. | 6.1 |
| 2020-10-29 | CVE-2020-14323 | NULL Pointer Dereference vulnerability in multiple products A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. | 5.5 |
| 2020-10-22 | CVE-2020-27675 | Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. | 4.7 |
| 2020-10-22 | CVE-2020-27674 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique. | 5.3 |
| 2020-10-22 | CVE-2020-27673 | An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. | 5.5 |
| 2020-10-21 | CVE-2020-14812 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). | 4.9 |
| 2020-10-21 | CVE-2020-14803 | Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). | 5.0 |
| 2020-10-21 | CVE-2020-14797 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). | 4.3 |