Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-11-26 CVE-2020-25651 Race Condition vulnerability in multiple products
A flaw was found in the SPICE file transfer protocol.
local
high complexity
spice-space debian fedoraproject CWE-362
6.4
2020-11-25 CVE-2020-25650 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine.
local
low complexity
spice-space debian fedoraproject CWE-770
5.5
2020-11-24 CVE-2020-28928 Out-of-bounds Write vulnerability in multiple products
In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).
5.5
2020-11-23 CVE-2020-0569 Out-of-bounds Write vulnerability in multiple products
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
5.7
2020-11-23 CVE-2019-14586 Use After Free vulnerability in multiple products
Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.
low complexity
tianocore debian CWE-416
5.2
2020-11-23 CVE-2019-14575 Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
tianocore debian
4.6
2020-11-23 CVE-2019-14563 Incorrect Conversion between Numeric Types vulnerability in multiple products
Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
tianocore debian CWE-681
4.6
2020-11-20 CVE-2020-20739 Missing Initialization of Resource vulnerability in multiple products
im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.
network
low complexity
libvips debian fedoraproject CWE-909
5.3
2020-11-20 CVE-2020-28974 Out-of-bounds Read vulnerability in multiple products
A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095.
local
low complexity
linux debian CWE-125
6.1
2020-11-19 CVE-2020-28941 Release of Invalid Pointer or Reference vulnerability in multiple products
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9.
local
low complexity
linux fedoraproject debian CWE-763
5.5