Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-11-18 CVE-2020-26215 Open Redirect vulnerability in multiple products
Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability.
5.8
2020-11-12 CVE-2020-8698 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
5.5
2020-11-12 CVE-2020-8696 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
intel netapp fedoraproject debian CWE-212
5.5
2020-11-12 CVE-2020-8695 Information Exposure Through Discrepancy vulnerability in multiple products
Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
local
low complexity
intel fedoraproject debian CWE-203
5.5
2020-11-12 CVE-2020-25706 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field
network
low complexity
cacti debian CWE-79
6.1
2020-11-10 CVE-2020-28368 Missing Authorization vulnerability in multiple products
Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack.
local
low complexity
xen fedoraproject debian CWE-862
4.4
2020-11-06 CVE-2020-27617 Reachable Assertion vulnerability in multiple products
eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure.
network
low complexity
qemu debian CWE-617
4.0
2020-11-06 CVE-2020-17490 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
local
low complexity
saltstack debian CWE-732
5.5
2020-11-06 CVE-2020-28242 Uncontrolled Recursion vulnerability in multiple products
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5.
network
low complexity
asterisk sangoma fedoraproject debian CWE-674
6.5
2020-11-06 CVE-2020-28241 Out-of-bounds Read vulnerability in multiple products
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.
network
low complexity
maxmind debian fedoraproject CWE-125
6.5