Latest Debian Security Vulnerabilities

DATE        CVE             VULNERABILITY TITLE                                              RISK

2020-09-09  CVE-2020-25219  Out-of-Bounds Write vulnerability in multiple products           5.0
            url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character.
            Attack vector: network; complexity: low; vendors: libproxy-project, debian; CWE-787

2020-09-03  CVE-2020-7729   Insecure Default Initialization of Resource vulnerability in multiple products   4.6
            The package grunt before 1.3.0 is vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.
            Attack vector: network; complexity: high; vendors: gruntjs, debian

2020-09-02  CVE-2020-24654  Path Traversal vulnerability in multiple products                4.3
            In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.

2020-09-02  CVE-2020-15811  HTTP Request Smuggling vulnerability in multiple products        4.0
            An issue was discovered in Squid before 4.13 and 5.x before 5.0.4.

2020-09-02  CVE-2020-15810  HTTP Request Smuggling vulnerability in multiple products        3.5
            An issue was discovered in Squid before 4.13 and 5.x before 5.0.4.

2020-09-02  CVE-2020-25073  Exposure of Resource to Wrong Sphere vulnerability in Debian FreedomBox   5.0
            FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service (or from PageKite) is considered a local connection.
            Attack vector: network; complexity: low; vendor: debian; CWE-668

2020-08-31  CVE-2020-14364  Out-of-Bounds Read vulnerability in multiple products            4.4
            An out-of-bounds read/write access flaw was found in the USB emulator of QEMU in versions before 5.2.0.

2020-08-31  CVE-2020-12829  Integer Overflow or Wraparound vulnerability in multiple products   4.9
            In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation.
            Attack vector: local; complexity: low; vendors: qemu, canonical, debian; CWE-190

2020-08-24  CVE-2020-24606  Improper Input Validation vulnerability in multiple products     7.1
            Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message.

2020-08-24  CVE-2020-14350  Untrusted Search Path vulnerability in multiple products         4.4
            It was found that some PostgreSQL extensions did not use search_path safely in their installation script.