Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-12 | CVE-2020-4046 | Cross-site Scripting vulnerability in multiple products In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. | 5.4 |
| 2020-06-11 | CVE-2020-0182 | Out-of-bounds Read vulnerability in multiple products In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. | 6.5 |
| 2020-06-09 | CVE-2020-13965 | Cross-site Scripting vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. | 6.1 |
| 2020-06-09 | CVE-2020-13964 | Cross-site Scripting vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. | 6.1 |
| 2020-06-08 | CVE-2020-13696 | Incorrect Authorization vulnerability in multiple products An issue was discovered in LinuxTV xawtv before 3.107. | 4.4 |
| 2020-06-07 | CVE-2020-13904 | Use After Free vulnerability in multiple products FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. | 5.5 |
| 2020-06-04 | CVE-2020-13765 | Out-of-bounds Write vulnerability in multiple products rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. | 5.6 |
| 2020-06-03 | CVE-2020-6498 | Incorrect Default Permissions vulnerability in multiple products Incorrect implementation in user interface in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 6.5 |
| 2020-06-03 | CVE-2020-6497 | Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted URI. | 6.5 |
| 2020-06-03 | CVE-2020-6495 | Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | 6.5 |