Vulnerabilities > Debian > Medium

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2020-11-03 | CVE-2020-15982 | | Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | network | low complexity | google fedoraproject debian opensuse | | 6.5 |
| 2020-11-03 | CVE-2020-15981 | Out-of-bounds Read vulnerability in multiple products | Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | network | low complexity | google fedoraproject opensuse debian | CWE-125 | 6.5 |
| 2020-11-03 | CVE-2020-15977 | Improper Input Validation vulnerability in multiple products | Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. | network | low complexity | google debian fedoraproject opensuse | CWE-20 | 6.5 |
| 2020-11-03 | CVE-2020-15973 | | Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. | network | low complexity | google fedoraproject opensuse debian | | 6.5 |
| 2020-11-02 | CVE-2020-28040 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. | network | low complexity | wordpress debian canonical | CWE-352 | 4.3 |
| 2020-11-02 | CVE-2020-28038 | Cross-site Scripting vulnerability in multiple products | WordPress before 5.5.2 allows stored XSS via post slugs. | network | low complexity | wordpress fedoraproject debian | CWE-79 | 6.1 |
| 2020-11-02 | CVE-2020-28034 | Cross-site Scripting vulnerability in multiple products | WordPress before 5.5.2 allows XSS associated with global variables. | network | low complexity | wordpress fedoraproject debian | CWE-79 | 6.1 |
| 2020-10-29 | CVE-2020-14323 | NULL Pointer Dereference vulnerability in multiple products | A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. | local | low complexity | samba opensuse fedoraproject debian | CWE-476 | 5.5 |
| 2020-10-22 | CVE-2020-27675 | Use After Free vulnerability in multiple products | An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. | local | high complexity | linux fedoraproject debian | CWE-416 | 4.7 |
| 2020-10-22 | CVE-2020-27674 | Out-of-bounds Write vulnerability in multiple products | An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique. | local | low complexity | xen fedoraproject debian | CWE-787 | 5.3 |