Vulnerabilities > Debian > Low

DATE CVE VULNERABILITY TITLE RISK
2021-01-20 CVE-2020-25684 A flaw was found in dnsmasq before version 2.83.
network
high complexity
thekelleys fedoraproject debian arista
3.7
2021-01-20 CVE-2020-25685 Inadequate Encryption Strength vulnerability in multiple products
A flaw was found in dnsmasq before version 2.83.
network
high complexity
thekelleys fedoraproject debian arista CWE-326
3.7
2021-01-12 CVE-2021-23239 Link Following vulnerability in multiple products
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.
2.5
2020-12-15 CVE-2020-29480 Missing Authorization vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-862
2.3
2020-12-14 CVE-2020-8284 A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. 3.7
2020-12-10 CVE-2020-29668 Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.
network
high complexity
sympa fedoraproject debian CWE-565
3.7
2020-12-10 CVE-2020-27351 Missing Release of Resource after Effective Lifetime vulnerability in Debian Advanced Package Tool
Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170.
local
low complexity
debian CWE-772
2.8
2020-12-08 CVE-2020-25675 In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer.
local
low complexity
imagemagick debian
3.3
2020-12-08 CVE-2020-27751 Integer Overflow or Wraparound vulnerability in multiple products
A flaw was found in ImageMagick in MagickCore/quantum-export.c.
local
low complexity
imagemagick debian CWE-190
3.3
2020-12-08 CVE-2020-27754 In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file.
local
low complexity
imagemagick debian
3.3