Vulnerabilities > Debian > Low

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2020-09-09 | CVE-2020-7068 | Use After Free vulnerability in multiple products | In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure. | local | high | php, debian, tenable | CWE-416 | 3.6 |
| 2020-09-09 | CVE-2020-1968 | Information Exposure Through Discrepancy vulnerability in multiple products | The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. | network | high | openssl, canonical, debian, oracle, fujitsu | CWE-203 | 3.7 |
| 2020-09-02 | CVE-2020-24654 | Link Following vulnerability in multiple products | In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. | | | | | 3.3 |
| 2020-08-31 | CVE-2020-12829 | Integer Overflow or Wraparound vulnerability in multiple products | In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. | local | low | qemu, canonical, debian | CWE-190 | 3.8 |
| 2020-08-11 | CVE-2020-16092 | Reachable Assertion vulnerability in multiple products | In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. | local | low | qemu, debian, canonical, opensuse | CWE-617 | 3.8 |
| 2020-08-03 | CVE-2020-16116 | Path Traversal vulnerability in multiple products | In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. | | | | | 3.3 |
| 2020-07-30 | CVE-2020-16166 | Use of Insufficiently Random Values vulnerability in multiple products | The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. | | | | | 3.7 |
| 2020-07-27 | CVE-2020-15103 | | In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. | network | low | freerdp, fedoraproject, opensuse, canonical, debian | | 3.5 |
| 2020-07-21 | CVE-2020-15859 | Use After Free vulnerability in multiple products | QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address. | local | low | qemu, debian | CWE-416 | 3.3 |
| 2020-07-02 | CVE-2020-15469 | NULL Pointer Dereference vulnerability in multiple products | In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. | local | low | qemu, debian | CWE-476 | 2.3 |