Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-09-10 CVE-2020-6097 Reachable Assertion vulnerability in multiple products
An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1.
network
low complexity
atftp-project debian opensuse CWE-617
5.0
2020-09-09 CVE-2020-25212 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.
4.4
2020-09-09 CVE-2020-25211 Classic Buffer Overflow vulnerability in multiple products
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.
local
low complexity
linux debian fedoraproject CWE-120
6.0
2020-09-04 CVE-2020-24977 Out-of-bounds Read vulnerability in multiple products
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.
6.5
2020-09-02 CVE-2020-15811 Incorrect Comparison vulnerability in multiple products
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4.
6.5
2020-09-02 CVE-2020-15810 HTTP Request Smuggling vulnerability in multiple products
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4.
6.5
2020-09-02 CVE-2020-16150 Information Exposure Through Discrepancy vulnerability in multiple products
A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information.
local
low complexity
arm fedoraproject debian CWE-203
5.5
2020-09-02 CVE-2020-25073 Exposure of Resource to Wrong Sphere vulnerability in Debian Freedombox
FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service (or from PageKite) is considered a local connection.
network
low complexity
debian CWE-668
5.0
2020-08-31 CVE-2020-14364 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0.
5.0
2020-08-31 CVE-2020-25032 Path Traversal vulnerability in multiple products
An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9.
network
low complexity
flask-cors-project debian opensuse CWE-22
5.0