Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-23 | CVE-2020-6426 | Out-of-bounds Write vulnerability in multiple products Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.5 |
| 2020-03-23 | CVE-2020-6425 | Improper Input Validation vulnerability in multiple products Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension. | 5.4 |
| 2020-03-23 | CVE-2020-1951 | Infinite Loop vulnerability in multiple products A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23. | 5.5 |
| 2020-03-23 | CVE-2020-1950 | Resource Exhaustion vulnerability in multiple products A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23. | 5.5 |
| 2020-03-22 | CVE-2020-10803 | SQL Injection vulnerability in multiple products In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). | 5.4 |
| 2020-03-20 | CVE-2019-18860 | Injection vulnerability in multiple products Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. | 6.1 |
| 2020-03-19 | CVE-2020-5267 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in multiple products In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. | 4.8 |
| 2020-03-19 | CVE-2019-20485 | Improper Input Validation vulnerability in multiple products qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). | 5.7 |
| 2020-03-18 | CVE-2019-12921 | Command Injection vulnerability in multiple products In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG. | 4.3 |
| 2020-03-16 | CVE-2019-20326 | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file. | 6.8 |