Filtered by vendor Debian
Subscribe
Total
8961 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10673 | 4 Debian, Fasterxml, Netapp and 1 more | 31 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 28 more | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). | |||||
| CVE-2020-10672 | 4 Debian, Fasterxml, Netapp and 1 more | 31 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 28 more | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). | |||||
| CVE-2020-10663 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Macos, Debian Linux, Fedora and 3 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. | |||||
| CVE-2020-10531 | 9 Canonical, Debian, Fedoraproject and 6 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp. | |||||
| CVE-2020-10232 | 3 Debian, Fedoraproject, Sleuthkit | 3 Debian Linux, Fedora, The Sleuth Kit | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c. | |||||
| CVE-2020-10188 | 6 Arista, Debian, Fedoraproject and 3 more | 6 Eos, Debian Linux, Fedora and 3 more | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. | |||||
| CVE-2020-10177 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. | |||||
| CVE-2020-10109 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request. | |||||
| CVE-2020-10108 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request. | |||||
| CVE-2020-10029 | 6 Canonical, Debian, Fedoraproject and 3 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. | |||||
| CVE-2020-10018 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. | |||||
| CVE-2020-0549 | 5 Canonical, Debian, Fedoraproject and 2 more | 858 Ubuntu Linux, Debian Linux, Fedora and 855 more | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2020-0499 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Android | 2023-11-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070 | |||||
| CVE-2020-0198 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146428941 | |||||
| CVE-2019-9959 | 4 Debian, Fedoraproject, Freedesktop and 1 more | 7 Debian Linux, Fedora, Poppler and 4 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. | |||||
| CVE-2019-9948 | 6 Canonical, Debian, Fedoraproject and 3 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2023-11-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. | |||||
| CVE-2019-9903 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. | |||||
| CVE-2019-9898 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Oncommand Unified Manager and 2 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. | |||||
| CVE-2019-9897 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Oncommand Unified Manager and 2 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. | |||||
| CVE-2019-9894 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Oncommand Unified Manager and 2 more | 2023-11-07 | 6.4 MEDIUM | 7.5 HIGH |
| A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. | |||||