Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-11-06 CVE-2020-28242 Uncontrolled Recursion vulnerability in multiple products
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5.
network
low complexity
asterisk sangoma fedoraproject debian CWE-674
6.5
2020-11-06 CVE-2020-28241 Out-of-bounds Read vulnerability in multiple products
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.
network
low complexity
maxmind debian fedoraproject CWE-125
6.5
2020-11-04 CVE-2020-28049 Race Condition vulnerability in multiple products
An issue was discovered in SDDM before 0.19.0.
6.3
2020-11-03 CVE-2020-6557 Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
network
low complexity
google debian fedoraproject opensuse
6.5
2020-11-03 CVE-2020-15999 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
6.5
2020-11-03 CVE-2020-15989 Use of Uninitialized Resource vulnerability in multiple products
Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
local
low complexity
google fedoraproject opensuse debian CWE-908
5.5
2020-11-03 CVE-2020-15988 Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page.
network
low complexity
google fedoraproject debian opensuse
6.3
2020-11-03 CVE-2020-15986 Use After Free vulnerability in multiple products
Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject opensuse debian CWE-416
6.5
2020-11-03 CVE-2020-15985 Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page.
network
low complexity
google fedoraproject debian opensuse
6.5
2020-11-03 CVE-2020-15984 Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL.
network
low complexity
google fedoraproject opensuse debian
6.5