Vulnerabilities > Debian > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-01 | CVE-2020-15677 | Open Redirect vulnerability in multiple products By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. | 6.1 |
2020-10-01 | CVE-2020-15676 | Cross-site Scripting vulnerability in multiple products Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. | 6.1 |
2020-09-30 | CVE-2020-25626 | Cross-site Scripting vulnerability in multiple products A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. | 6.1 |
2020-09-30 | CVE-2020-26137 | Injection vulnerability in multiple products urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). | 6.5 |
2020-09-25 | CVE-2020-25625 | Infinite Loop vulnerability in multiple products hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop. | 5.3 |
2020-09-25 | CVE-2020-25085 | Out-of-bounds Write vulnerability in multiple products QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case. | 5.0 |
2020-09-24 | CVE-2020-26088 | Incorrect Default Permissions vulnerability in multiple products A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. | 5.5 |
2020-09-23 | CVE-2020-25604 | Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 4.7 |
2020-09-23 | CVE-2020-25602 | Improper Handling of Exceptional Conditions vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 6.0 |
2020-09-23 | CVE-2020-25601 | An issue was discovered in Xen through 4.14.x. | 5.5 |