Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-12 | CVE-2020-4046 | Cross-site Scripting vulnerability in multiple products In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. | 5.4 |
| 2020-06-11 | CVE-2020-0182 | Out-of-bounds Read vulnerability in multiple products In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. | 6.4 |
| 2020-06-09 | CVE-2020-13965 | Cross-site Scripting vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. | 6.1 |
| 2020-06-09 | CVE-2020-13964 | Cross-site Scripting vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. | 6.1 |
| 2020-06-08 | CVE-2020-13696 | Incorrect Authorization vulnerability in multiple products An issue was discovered in LinuxTV xawtv before 3.107. | 4.4 |
| 2020-06-07 | CVE-2020-13904 | Use After Free vulnerability in multiple products FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. | 5.5 |
| 2020-06-06 | CVE-2020-13881 | Information Exposure Through Log Files vulnerability in multiple products In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. | 4.3 |
| 2020-06-04 | CVE-2020-13848 | NULL Pointer Dereference vulnerability in multiple products Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c. | 5.0 |
| 2020-06-04 | CVE-2020-13765 | Out-of-bounds Write vulnerability in multiple products rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. | 5.6 |
| 2020-06-03 | CVE-2020-6498 | Incorrect Default Permissions vulnerability in multiple products Incorrect implementation in user interface in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 6.5 |