Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-05-29 CVE-2020-11017 In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server.
network
low complexity
freerdp opensuse debian
6.5
2020-05-28 CVE-2020-11082 In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links.
network
low complexity
kaminari-project debian
6.1
2020-05-28 CVE-2019-20807 OS Command Injection vulnerability in multiple products
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).
5.3
2020-05-27 CVE-2020-13632 NULL Pointer Dereference vulnerability in multiple products
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
5.5
2020-05-27 CVE-2020-13253 Out-of-bounds Read vulnerability in multiple products
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations.
local
low complexity
qemu canonical debian CWE-125
5.5
2020-05-26 CVE-2020-3812 Improper Privilege Management vulnerability in multiple products
qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability.
local
low complexity
netqmail debian canonical CWE-269
5.5
2020-05-24 CVE-2020-13434 Integer Overflow or Wraparound vulnerability in multiple products
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
5.5
2020-05-22 CVE-2020-13397 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in FreeRDP before 2.1.1.
local
low complexity
freerdp debian opensuse canonical CWE-125
5.5
2020-05-22 CVE-2020-10711 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7.
network
high complexity
linux redhat debian opensuse canonical CWE-476
5.9
2020-05-21 CVE-2020-6491 Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted domain name.
network
low complexity
google debian opensuse fedoraproject
6.5