Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-12-08 CVE-2020-27821 Out-of-bounds Write vulnerability in multiple products
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache.
local
low complexity
qemu debian CWE-787
6.0
2020-12-08 CVE-2020-27750 A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h.
local
low complexity
imagemagick debian
5.5
2020-12-08 CVE-2020-25676 In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor() function.
local
low complexity
imagemagick debian
5.5
2020-12-08 CVE-2020-25674 WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow.
local
low complexity
imagemagick debian
5.5
2020-12-08 CVE-2020-25665 Out-of-bounds Read vulnerability in multiple products
The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256.
local
low complexity
imagemagick debian CWE-125
5.5
2020-12-08 CVE-2020-1971 NULL Pointer Dereference vulnerability in multiple products
The X.509 GeneralName type is a generic type for representing different types of names.
5.9
2020-12-07 CVE-2020-28935 Link Following vulnerability in multiple products
NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack.
local
low complexity
nlnetlabs debian CWE-59
5.5
2020-12-04 CVE-2020-27770 Integer Overflow or Wraparound vulnerability in multiple products
Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability.
local
low complexity
imagemagick debian CWE-190
5.5
2020-12-04 CVE-2020-29565 Open Redirect vulnerability in multiple products
An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x.
network
low complexity
openstack debian CWE-601
6.1
2020-12-04 CVE-2020-28916 Infinite Loop vulnerability in multiple products
hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.
local
low complexity
qemu debian CWE-835
5.5