Vulnerabilities > Debian > Low

DATE CVE VULNERABILITY TITLE RISK
2020-05-07 CVE-2020-11044 Double Free vulnerability in multiple products
In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed.
network
high complexity
freerdp canonical debian CWE-415
2.2
2020-05-07 CVE-2020-11045 Out-of-bounds Read vulnerability in multiple products
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer.
network
high complexity
freerdp debian canonical CWE-125
3.3
2020-05-07 CVE-2020-11046 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read.
network
high complexity
freerdp canonical debian CWE-119
2.2
2020-04-30 CVE-2020-11030 Cross-site Scripting vulnerability in multiple products
In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor.
3.5
2020-04-30 CVE-2020-11025 Cross-site Scripting vulnerability in multiple products
In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed.
3.5
2020-04-27 CVE-2020-9488 Improper Certificate Validation vulnerability in multiple products
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender.
network
high complexity
apache oracle debian qos CWE-295
3.7
2020-04-27 CVE-2020-11810 Race Condition vulnerability in multiple products
An issue was discovered in OpenVPN 2.4.x before 2.4.9.
network
high complexity
openvpn debian fedoraproject CWE-362
3.7
2020-04-15 CVE-2020-2754 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). 3.7
2020-04-15 CVE-2020-2755 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). 3.7
2020-04-15 CVE-2020-2756 Improper Handling of Exceptional Conditions vulnerability in multiple products
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).
3.7