Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2021-01-06 CVE-2020-8287 Http Request Smuggling vulnerability in multiple products
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields).
network
low complexity
nodejs debian fedoraproject CWE-444
6.4
2021-01-06 CVE-2020-8265 USE After Free vulnerability in multiple products
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation.
6.8
2021-01-04 CVE-2020-25275 Improper Input Validation vulnerability in multiple products
Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.
network
low complexity
dovecot debian CWE-20
5.0
2021-01-04 CVE-2020-24386 An issue was discovered in Dovecot before 2.3.13.
network
dovecot debian
4.9
2020-12-30 CVE-2019-15523 Unchecked Return Value vulnerability in multiple products
An issue was discovered in LINBIT csync2 through 2.0.
network
low complexity
linbit debian CWE-252
5.0
2020-12-20 CVE-2020-35573 Resource Exhaustion vulnerability in multiple products
srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address.
network
low complexity
postsrsd-prject debian CWE-400
5.0
2020-12-18 CVE-2020-35480 Information Exposure vulnerability in multiple products
An issue was discovered in MediaWiki before 1.35.1.
network
low complexity
mediawiki debian CWE-200
5.0
2020-12-18 CVE-2020-35479 Cross-Site Scripting vulnerability in multiple products
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php.
4.3
2020-12-18 CVE-2020-35477 Improper Input Validation vulnerability in multiple products
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations.
network
low complexity
mediawiki debian CWE-20
5.0
2020-12-18 CVE-2020-35475 Improper Encoding OR Escaping of Output vulnerability in multiple products
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML.
network
low complexity
mediawiki debian CWE-116
5.0