Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-10 | CVE-2020-26932 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group) | 4.3 |
| 2020-10-07 | CVE-2020-26870 | Cross-site Scripting vulnerability in multiple products Cure53 DOMPurify before 2.0.17 allows mutation XSS. | 4.3 |
| 2020-10-07 | CVE-2020-14355 | Classic Buffer Overflow vulnerability in multiple products Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. | 6.6 |
| 2020-10-06 | CVE-2020-25641 | Infinite Loop vulnerability in multiple products A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. | 5.5 |
| 2020-10-06 | CVE-2020-26572 | Out-of-bounds Write vulnerability in multiple products The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher. | 5.5 |
| 2020-10-06 | CVE-2020-26571 | Out-of-bounds Write vulnerability in multiple products The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init. | 5.5 |
| 2020-10-06 | CVE-2020-26570 | Out-of-bounds Write vulnerability in multiple products The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file. | 5.5 |
| 2020-10-02 | CVE-2020-7070 | Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. | 5.3 |
| 2020-10-02 | CVE-2020-7069 | Inadequate Encryption Strength vulnerability in multiple products In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. | 6.5 |
| 2020-10-02 | CVE-2020-26519 | Out-of-bounds Write vulnerability in multiple products Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service. | 5.5 |