Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-05-20 CVE-2020-13230 Improper Preservation of Permissions vulnerability in multiple products
In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).
network
low complexity
cacti debian fedoraproject CWE-281
4.3
2020-05-19 CVE-2020-8021 a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build Service versions prior to 2.10.5.
network
low complexity
opensuse debian
5.3
2020-05-19 CVE-2020-8617 Reachable Assertion vulnerability in multiple products
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server.
network
high complexity
isc debian fedoraproject opensuse canonical CWE-617
5.9
2020-05-18 CVE-2020-13143 Out-of-bounds Read vulnerability in multiple products
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.
network
low complexity
linux opensuse debian canonical netapp CWE-125
6.5
2020-05-15 CVE-2020-12888 Improper Handling of Exceptional Conditions vulnerability in multiple products
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
5.3
2020-05-15 CVE-2020-11523 Integer Overflow or Wraparound vulnerability in multiple products
libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow.
network
high complexity
freerdp debian canonical opensuse CWE-190
6.6
2020-05-15 CVE-2020-11522 Out-of-bounds Read vulnerability in multiple products
libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read.
network
low complexity
freerdp debian canonical opensuse CWE-125
6.5
2020-05-15 CVE-2020-11521 Integer Overflow or Wraparound vulnerability in multiple products
libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.
network
high complexity
freerdp canonical opensuse debian CWE-190
6.6
2020-05-15 CVE-2020-3810 Out-of-bounds Read vulnerability in multiple products
Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.
local
low complexity
debian fedoraproject canonical CWE-125
5.5
2020-05-14 CVE-2020-0093 Out-of-bounds Read vulnerability in multiple products
In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check.
5.0