Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-06-17 CVE-2020-14401 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in LibVNCServer before 0.9.13.
6.5
2020-06-15 CVE-2020-4051 In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin.
network
low complexity
openjsf debian netapp
5.4
2020-06-15 CVE-2020-14093 Cleartext Transmission of Sensitive Information vulnerability in multiple products
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.
network
high complexity
mutt canonical debian opensuse CWE-319
5.9
2020-06-12 CVE-2020-4048 In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked.
network
low complexity
wordpress fedoraproject debian
5.7
2020-06-12 CVE-2020-4047 In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way.
network
low complexity
wordpress fedoraproject debian
6.8
2020-06-12 CVE-2020-4046 Cross-site Scripting vulnerability in multiple products
In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor.
network
low complexity
wordpress debian fedoraproject CWE-79
5.4
2020-06-11 CVE-2020-0182 Out-of-bounds Read vulnerability in multiple products
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check.
network
low complexity
google debian CWE-125
6.5
2020-06-09 CVE-2020-13965 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5.
network
low complexity
roundcube debian fedoraproject CWE-79
6.1
2020-06-09 CVE-2020-13964 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5.
network
low complexity
roundcube fedoraproject debian CWE-79
6.1
2020-06-08 CVE-2020-13696 Incorrect Authorization vulnerability in multiple products
An issue was discovered in LinuxTV xawtv before 3.107.
4.4