Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-07-07 CVE-2020-15563 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash.
local
low complexity
xen debian fedoraproject opensuse CWE-119
6.5
2020-07-06 CVE-2020-15569 Use After Free vulnerability in multiple products
PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destructor.
local
low complexity
milkytracker-project debian CWE-416
5.5
2020-07-06 CVE-2020-15562 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7.
network
low complexity
roundcube debian CWE-79
6.1
2020-07-02 CVE-2020-8166 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.
network
low complexity
rubyonrails debian CWE-352
4.3
2020-07-02 CVE-2020-9498 Out-of-bounds Write vulnerability in multiple products
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels.
local
high complexity
apache fedoraproject debian CWE-787
6.7
2020-07-02 CVE-2020-9497 Improper Input Validation vulnerability in multiple products
Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels.
local
high complexity
apache fedoraproject debian CWE-20
4.4
2020-06-29 CVE-2020-15393 Memory Leak vulnerability in multiple products
In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.
local
low complexity
linux debian opensuse canonical CWE-401
5.5
2020-06-29 CVE-2020-15389 Use After Free vulnerability in multiple products
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor.
network
high complexity
uclouvain debian oracle CWE-416
6.5
2020-06-26 CVE-2020-15306 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in OpenEXR before v2.5.2.
5.5
2020-06-26 CVE-2020-15305 Use After Free vulnerability in multiple products
An issue was discovered in OpenEXR before 2.5.2.
5.5