Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-10-22 CVE-2020-27673 An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.
local
low complexity
linux debian opensuse xen
5.5
2020-10-16 CVE-2020-15157 Insufficiently Protected Credentials vulnerability in multiple products
In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability.
network
high complexity
linuxfoundation canonical debian CWE-522
6.1
2020-10-12 CVE-2020-15250 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability.
local
low complexity
junit debian apache oracle CWE-732
5.5
2020-10-12 CVE-2020-13943 If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers.
network
low complexity
apache debian oracle
4.3
2020-10-10 CVE-2020-26934 Cross-site Scripting vulnerability in multiple products
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
network
low complexity
phpmyadmin opensuse fedoraproject debian CWE-79
6.1
2020-10-10 CVE-2020-26932 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group)
network
low complexity
sympa debian CWE-732
4.3
2020-10-07 CVE-2020-26870 Cross-site Scripting vulnerability in multiple products
Cure53 DOMPurify before 2.0.17 allows mutation XSS.
network
low complexity
cure53 debian microsoft oracle CWE-79
6.1
2020-10-07 CVE-2020-14355 Classic Buffer Overflow vulnerability in multiple products
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1.
6.6
2020-10-06 CVE-2020-25641 Infinite Loop vulnerability in multiple products
A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7.
local
low complexity
linux redhat opensuse debian canonical CWE-835
5.5
2020-10-06 CVE-2020-26572 Out-of-bounds Write vulnerability in multiple products
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.
5.5