Vulnerabilities > Debian > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-13 | CVE-2020-25645 | Cleartext Transmission of Sensitive Information vulnerability in multiple products A flaw was found in the Linux kernel in versions before 5.9-rc7. | 5.0 |
2020-10-12 | CVE-2020-15250 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. | 5.5 |
2020-10-12 | CVE-2020-13943 | If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. | 4.3 |
2020-10-10 | CVE-2020-26934 | Cross-site Scripting vulnerability in multiple products phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. | 6.1 |
2020-10-10 | CVE-2020-26932 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group) | 4.3 |
2020-10-07 | CVE-2020-26870 | Cross-site Scripting vulnerability in multiple products Cure53 DOMPurify before 2.0.17 allows mutation XSS. | 4.3 |
2020-10-07 | CVE-2020-14355 | Classic Buffer Overflow vulnerability in multiple products Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. | 6.6 |
2020-10-06 | CVE-2020-25641 | Infinite Loop vulnerability in multiple products A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. | 5.5 |
2020-10-06 | CVE-2020-26572 | Out-of-bounds Write vulnerability in multiple products The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher. | 5.5 |
2020-10-06 | CVE-2020-26571 | Out-of-bounds Write vulnerability in multiple products The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init. | 5.5 |