Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-09-11 CVE-2019-20917 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0.
network
low complexity
inspircd debian CWE-476
6.5
2020-09-10 CVE-2020-13920 Missing Authentication for Critical Function vulnerability in multiple products
Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry.
network
high complexity
apache oracle debian CWE-306
5.9
2020-09-09 CVE-2020-25211 Classic Buffer Overflow vulnerability in multiple products
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.
local
low complexity
linux debian fedoraproject CWE-120
6.0
2020-09-08 CVE-2020-3702 Cleartext Transmission of Sensitive Information vulnerability in multiple products
u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150
low complexity
qualcomm debian arista CWE-319
6.5
2020-09-04 CVE-2020-24977 Out-of-bounds Read vulnerability in multiple products
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.
6.5
2020-09-02 CVE-2020-15811 Incorrect Comparison vulnerability in multiple products
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4.
6.5
2020-09-02 CVE-2020-15810 HTTP Request Smuggling vulnerability in multiple products
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4.
6.5
2020-09-02 CVE-2020-16150 Information Exposure Through Discrepancy vulnerability in multiple products
A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information.
local
low complexity
arm fedoraproject debian CWE-203
5.5
2020-09-02 CVE-2020-25073 Exposure of Resource to Wrong Sphere vulnerability in Debian Freedombox
FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service (or from PageKite) is considered a local connection.
network
low complexity
debian CWE-668
5.3
2020-08-31 CVE-2020-14364 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0.
5.0