Vulnerabilities > Debian > Low

DATE CVE VULNERABILITY TITLE RISK
2020-09-24 CVE-2020-26088 Incorrect Default Permissions vulnerability in multiple products
A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.
local
low complexity
linux debian opensuse canonical CWE-276
2.1
2020-09-13 CVE-2020-25284 Incorrect Authorization vulnerability in multiple products
The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.
1.9
2020-09-09 CVE-2020-7068 Use After Free vulnerability in multiple products
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
3.3
2020-09-09 CVE-2020-1968 Information Exposure Through Discrepancy vulnerability in multiple products
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite.
network
high complexity
openssl canonical debian oracle fujitsu CWE-203
3.7
2020-09-08 CVE-2020-3702 Cleartext Transmission of Sensitive Information vulnerability in multiple products
u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150
low complexity
qualcomm debian arista CWE-319
3.3
2020-09-02 CVE-2020-24654 Link Following vulnerability in multiple products
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
3.3
2020-08-31 CVE-2020-12829 Integer Overflow or Wraparound vulnerability in multiple products
In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation.
local
low complexity
qemu canonical debian CWE-190
2.1
2020-08-11 CVE-2020-17489 Insufficiently Protected Credentials vulnerability in multiple products
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4.
1.9
2020-08-11 CVE-2020-16092 Reachable Assertion vulnerability in multiple products
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing.
local
low complexity
qemu debian canonical opensuse CWE-617
3.8
2020-08-03 CVE-2020-16116 Path Traversal vulnerability in multiple products
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.
3.3