Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-09-15 CVE-2020-14385 Incorrect Calculation of Buffer Size vulnerability in multiple products
A flaw was found in the Linux kernel before 5.9-rc4.
local
low complexity
linux debian canonical CWE-131
5.5
2020-09-15 CVE-2020-14314 Out-of-bounds Read vulnerability in multiple products
A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing.
5.5
2020-09-15 CVE-2020-8927 Classic Buffer Overflow vulnerability in multiple products
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB.
6.5
2020-09-13 CVE-2020-25285 NULL Pointer Dereference vulnerability in multiple products
A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.
4.4
2020-09-11 CVE-2020-14332 Improper Output Neutralization for Logs vulnerability in multiple products
A flaw was found in the Ansible Engine when using module_args.
local
low complexity
redhat debian CWE-117
5.5
2020-09-11 CVE-2020-14330 Information Exposure Through Log Files vulnerability in multiple products
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output.
local
low complexity
redhat debian CWE-532
5.5
2020-09-11 CVE-2020-15169 Cross-site Scripting vulnerability in multiple products
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers.
6.1
2020-09-11 CVE-2020-25269 Use After Free vulnerability in multiple products
An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0.
network
low complexity
inspircd debian CWE-416
6.5
2020-09-11 CVE-2019-20917 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0.
network
low complexity
inspircd debian CWE-476
6.5
2020-09-10 CVE-2020-13920 Missing Authentication for Critical Function vulnerability in multiple products
Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry.
network
high complexity
apache oracle debian CWE-306
5.9