Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-12-08 CVE-2020-1971 NULL Pointer Dereference vulnerability in multiple products
The X.509 GeneralName type is a generic type for representing different types of names.
5.9
2020-12-07 CVE-2020-28935 Link Following vulnerability in multiple products
NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack.
local
low complexity
nlnetlabs debian CWE-59
5.5
2020-12-04 CVE-2020-27770 Integer Overflow or Wraparound vulnerability in multiple products
Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability.
local
low complexity
imagemagick debian CWE-190
5.5
2020-12-04 CVE-2020-29565 Open Redirect vulnerability in multiple products
An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x.
5.8
2020-12-04 CVE-2020-28916 Infinite Loop vulnerability in multiple products
hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.
local
low complexity
qemu debian CWE-835
5.5
2020-12-03 CVE-2020-27783 Cross-site Scripting vulnerability in multiple products
A XSS vulnerability was discovered in python-lxml's clean module.
6.1
2020-12-03 CVE-2020-27762 Integer Overflow or Wraparound vulnerability in multiple products
A flaw was found in ImageMagick in coders/hdr.c.
local
low complexity
imagemagick debian CWE-190
5.5
2020-12-03 CVE-2020-27760 Divide By Zero vulnerability in multiple products
In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick.
local
low complexity
imagemagick debian CWE-369
5.5
2020-12-03 CVE-2020-14351 Use After Free vulnerability in multiple products
A flaw was found in the Linux kernel.
local
low complexity
linux redhat debian CWE-416
4.6
2020-12-02 CVE-2020-25704 Memory Leak vulnerability in multiple products
A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER.
local
low complexity
linux debian starwindsoftware CWE-401
5.5