Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-06-07 CVE-2020-13904 Use After Free vulnerability in multiple products
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.
local
low complexity
ffmpeg canonical debian CWE-416
5.5
2020-06-04 CVE-2020-13765 Out-of-bounds Write vulnerability in multiple products
rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.
network
high complexity
qemu canonical debian CWE-787
5.6
2020-06-03 CVE-2020-6498 Incorrect Default Permissions vulnerability in multiple products
Incorrect implementation in user interface in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
network
low complexity
google debian CWE-276
6.5
2020-06-03 CVE-2020-6497 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted URI.
network
low complexity
google debian CWE-276
6.5
2020-06-03 CVE-2020-6495 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google debian opensuse CWE-276
6.5
2020-06-03 CVE-2020-6494 Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
network
low complexity
google debian opensuse
6.5
2020-06-03 CVE-2020-13596 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7.
6.1
2020-06-03 CVE-2020-13254 Improper Certificate Validation vulnerability in multiple products
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7.
5.9
2020-06-03 CVE-2019-20811 An issue was discovered in the Linux kernel before 5.0.6.
local
low complexity
linux debian canonical
5.5
2020-06-02 CVE-2020-13754 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.
local
low complexity
qemu canonical debian CWE-119
6.7