Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-30 | CVE-2020-26137 | Injection vulnerability in multiple products urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). | 6.5 |
| 2020-09-25 | CVE-2020-25625 | Infinite Loop vulnerability in multiple products hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop. | 5.3 |
| 2020-09-25 | CVE-2020-25085 | Out-of-bounds Write vulnerability in multiple products QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case. | 5.0 |
| 2020-09-24 | CVE-2020-26088 | Incorrect Default Permissions vulnerability in multiple products A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. | 5.5 |
| 2020-09-23 | CVE-2020-25604 | Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 4.7 |
| 2020-09-23 | CVE-2020-25602 | Improper Handling of Exceptional Conditions vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 6.0 |
| 2020-09-23 | CVE-2020-25601 | An issue was discovered in Xen through 4.14.x. | 5.5 |
| 2020-09-23 | CVE-2020-25600 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 5.5 |
| 2020-09-23 | CVE-2020-25596 | Injection vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 5.5 |
| 2020-09-23 | CVE-2020-25739 | Cross-site Scripting vulnerability in multiple products An issue was discovered in the gon gem before gon-6.4.0 for Ruby. | 6.1 |