Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-11-26 CVE-2020-25653 Race Condition vulnerability in multiple products
A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections.
local
high complexity
spice-space debian fedoraproject CWE-362
6.3
2020-11-26 CVE-2020-25652 A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`.
local
low complexity
spice-space debian fedoraproject
5.5
2020-11-26 CVE-2020-25651 A flaw was found in the SPICE file transfer protocol.
local
high complexity
spice-space debian fedoraproject
6.4
2020-11-25 CVE-2020-25650 A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine.
local
low complexity
spice-space debian fedoraproject
5.5
2020-11-24 CVE-2020-28928 Out-of-bounds Write vulnerability in multiple products
In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).
5.5
2020-11-23 CVE-2020-28896 Improper Handling of Exceptional Conditions vulnerability in multiple products
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid.
network
high complexity
neomutt mutt debian CWE-755
5.3
2020-11-23 CVE-2020-0569 Out-of-bounds Write vulnerability in multiple products
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
5.7
2020-11-23 CVE-2019-14587 Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.
low complexity
tianocore debian
6.5
2020-11-23 CVE-2019-14562 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.
local
low complexity
tianocore debian CWE-190
5.5
2020-11-20 CVE-2020-20739 Missing Initialization of Resource vulnerability in multiple products
im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.
network
low complexity
libvips debian fedoraproject CWE-909
5.3