Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-02 | CVE-2020-15810 | HTTP Request Smuggling vulnerability in multiple products An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. | 6.5 |
| 2020-09-02 | CVE-2020-16150 | Information Exposure Through Discrepancy vulnerability in multiple products A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. | 5.5 |
| 2020-09-02 | CVE-2020-25073 | Exposure of Resource to Wrong Sphere vulnerability in Debian Freedombox FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service (or from PageKite) is considered a local connection. | 5.3 |
| 2020-08-31 | CVE-2020-14364 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. | 5.0 |
| 2020-08-30 | CVE-2020-8244 | Out-of-bounds Read vulnerability in multiple products A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls. | 6.5 |
| 2020-08-21 | CVE-2020-8624 | Improper Privilege Management vulnerability in multiple products In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. | 4.3 |
| 2020-08-21 | CVE-2020-8622 | Reachable Assertion vulnerability in multiple products In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. | 6.5 |
| 2020-08-17 | CVE-2020-24370 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). | 5.3 |
| 2020-08-13 | CVE-2020-17538 | Out-of-bounds Write vulnerability in multiple products A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. | 5.5 |
| 2020-08-13 | CVE-2020-16310 | Divide By Zero vulnerability in multiple products A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. | 5.5 |