Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-12-15 CVE-2020-0499 Out-of-bounds Read vulnerability in multiple products
In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow.
network
low complexity
google debian fedoraproject CWE-125
4.3
2020-12-12 CVE-2020-35176 Path Traversal vulnerability in multiple products
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format.
network
low complexity
awstats debian fedoraproject CWE-22
5.3
2020-12-11 CVE-2020-27825 A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1).
local
high complexity
linux redhat debian netapp
5.7
2020-12-11 CVE-2020-26421 Out-of-bounds Read vulnerability in multiple products
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
network
low complexity
wireshark fedoraproject debian oracle CWE-125
5.3
2020-12-11 CVE-2020-26418 Memory Leak vulnerability in multiple products
Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
network
low complexity
wireshark fedoraproject debian oracle CWE-401
5.3
2020-12-10 CVE-2020-27350 Integer Overflow or Wraparound vulnerability in multiple products
APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc.
local
low complexity
debian netapp CWE-190
5.7
2020-12-09 CVE-2020-16589 Out-of-bounds Write vulnerability in multiple products
A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.
local
low complexity
openexr debian CWE-787
5.5
2020-12-09 CVE-2020-16588 NULL Pointer Dereference vulnerability in multiple products
A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.
local
low complexity
openexr debian CWE-476
5.5
2020-12-09 CVE-2020-16587 Out-of-bounds Write vulnerability in multiple products
A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.
local
low complexity
openexr debian CWE-787
5.5
2020-12-09 CVE-2020-29660 Improper Locking vulnerability in multiple products
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.
4.4