Vulnerabilities > Debian > Low

DATE CVE VULNERABILITY TITLE RISK
2020-06-29 CVE-2020-15393 Memory Leak vulnerability in multiple products
In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.
local
low complexity
linux debian opensuse canonical CWE-401
2.1
2020-06-24 CVE-2020-15005 In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them.
network
high complexity
mediawiki fedoraproject debian
3.1
2020-06-24 CVE-2020-15011 Injection vulnerability in multiple products
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.
network
high complexity
gnu canonical debian CWE-74
2.6
2020-06-18 CVE-2019-13033 Information Exposure vulnerability in multiple products
In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed.
local
low complexity
cisofy debian fedoraproject CWE-200
3.3
2020-06-12 CVE-2020-4049 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in multiple products
In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page.
network
low complexity
wordpress fedoraproject debian CWE-80
2.4
2020-06-12 CVE-2020-4050 Authentication Bypass Using an Alternate Path or Channel vulnerability in multiple products
In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved.
network
high complexity
wordpress fedoraproject debian CWE-288
3.1
2020-06-02 CVE-2020-13659 NULL Pointer Dereference vulnerability in multiple products
address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.
local
high complexity
qemu debian opensuse canonical CWE-476
2.5
2020-05-29 CVE-2020-11040 Out-of-bounds Read vulnerability in multiple products
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color.
network
low complexity
freerdp opensuse debian CWE-125
2.7
2020-05-29 CVE-2020-11043 Out-of-bounds Read vulnerability in multiple products
In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset.
network
low complexity
freerdp opensuse debian CWE-125
2.7
2020-05-29 CVE-2020-11085 Out-of-bounds Read vulnerability in multiple products
In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list.
network
low complexity
freerdp opensuse debian CWE-125
3.5