Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-10-06 CVE-2020-26570 Out-of-bounds Write vulnerability in multiple products
The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.
5.5
2020-10-02 CVE-2020-7070 Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded.
5.3
2020-10-02 CVE-2020-7069 Inadequate Encryption Strength vulnerability in multiple products
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used.
6.5
2020-10-02 CVE-2020-26519 Out-of-bounds Write vulnerability in multiple products
Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service.
local
low complexity
artifex debian fedoraproject CWE-787
5.5
2020-10-01 CVE-2020-15677 Open Redirect vulnerability in multiple products
By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from.
network
low complexity
mozilla debian opensuse CWE-601
6.1
2020-10-01 CVE-2020-15676 Cross-site Scripting vulnerability in multiple products
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element.
network
low complexity
mozilla debian opensuse CWE-79
6.1
2020-10-01 CVE-2020-15673 Use After Free vulnerability in multiple products
Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2.
6.8
2020-09-30 CVE-2020-25626 Cross-site Scripting vulnerability in multiple products
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2.
network
low complexity
encode redhat debian CWE-79
6.1
2020-09-30 CVE-2020-26137 Injection vulnerability in multiple products
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest().
network
low complexity
python canonical debian oracle CWE-74
6.5
2020-09-25 CVE-2020-25625 Infinite Loop vulnerability in multiple products
hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.
4.7