Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-07-22 CVE-2020-6511 Information Exposure Through an Error Message vulnerability in multiple products
Information leak in content security policy in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-209
6.5
2020-07-17 CVE-2020-15586 Race Condition vulnerability in multiple products
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
5.9
2020-07-17 CVE-2020-14928 Injection vulnerability in multiple products
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3.
network
high complexity
gnome debian fedoraproject canonical CWE-74
5.9
2020-07-17 CVE-2020-15803 Cross-site Scripting vulnerability in multiple products
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
network
low complexity
zabbix fedoraproject debian opensuse CWE-79
6.1
2020-07-09 CVE-2020-10756 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator.
6.5
2020-07-09 CVE-2020-12402 Information Exposure Through Discrepancy vulnerability in multiple products
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow.
local
high complexity
mozilla opensuse fedoraproject debian CWE-203
4.4
2020-07-09 CVE-2020-12399 Information Exposure Through Discrepancy vulnerability in multiple products
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys.
local
high complexity
mozilla debian CWE-203
4.4
2020-07-07 CVE-2020-10730 Use After Free vulnerability in multiple products
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4.
network
low complexity
samba redhat opensuse fedoraproject debian CWE-416
6.5
2020-07-07 CVE-2020-15566 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation.
local
low complexity
xen debian CWE-754
6.5
2020-07-07 CVE-2020-15564 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOP_register_vcpu_info.
local
low complexity
xen debian fedoraproject CWE-119
6.5