Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-08-30 CVE-2020-8244 Out-of-bounds Read vulnerability in multiple products
A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.
network
low complexity
bufferlist-project debian CWE-125
6.4
2020-08-21 CVE-2020-8624 Improper Privilege Management vulnerability in multiple products
In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.
4.3
2020-08-21 CVE-2020-8622 Reachable Assertion vulnerability in multiple products
In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit.
6.5
2020-08-17 CVE-2020-1472 Use of Insufficiently Random Values vulnerability in multiple products
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC).
5.5
2020-08-17 CVE-2020-24370 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).
network
low complexity
lua fedoraproject debian CWE-191
5.3
2020-08-13 CVE-2020-17538 Out-of-bounds Write vulnerability in multiple products
A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file.
local
low complexity
artifex debian canonical CWE-787
5.5
2020-08-13 CVE-2020-16310 Divide By Zero vulnerability in multiple products
A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file.
local
low complexity
artifex debian canonical CWE-369
5.5
2020-08-13 CVE-2020-16309 Out-of-bounds Write vulnerability in multiple products
A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file.
local
low complexity
artifex debian canonical CWE-787
5.5
2020-08-13 CVE-2020-16308 Out-of-bounds Write vulnerability in multiple products
A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file.
local
low complexity
artifex debian canonical CWE-787
5.5
2020-08-13 CVE-2020-16307 NULL Pointer Dereference vulnerability in multiple products
A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file.
local
low complexity
artifex debian canonical CWE-476
5.5