Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-08 | CVE-2020-27821 | Out-of-bounds Write vulnerability in multiple products A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. | 6.0 |
| 2020-12-08 | CVE-2020-27750 | A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. | 5.5 |
| 2020-12-08 | CVE-2020-25676 | In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor() function. | 5.5 |
| 2020-12-08 | CVE-2020-25674 | WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. | 5.5 |
| 2020-12-08 | CVE-2020-25665 | Out-of-bounds Read vulnerability in multiple products The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. | 5.5 |
| 2020-12-08 | CVE-2020-1971 | NULL Pointer Dereference vulnerability in multiple products The X.509 GeneralName type is a generic type for representing different types of names. | 5.9 |
| 2020-12-07 | CVE-2020-28935 | Link Following vulnerability in multiple products NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. | 5.5 |
| 2020-12-04 | CVE-2020-27770 | Integer Overflow or Wraparound vulnerability in multiple products Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. | 5.5 |
| 2020-12-04 | CVE-2020-29565 | Open Redirect vulnerability in multiple products An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. | 6.1 |
| 2020-12-04 | CVE-2020-28916 | Infinite Loop vulnerability in multiple products hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. | 5.5 |