Vulnerabilities > Debian
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-06 | CVE-2020-8287 | Http Request Smuggling vulnerability in multiple products Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). | 6.4 |
2021-01-06 | CVE-2020-8265 | USE After Free vulnerability in multiple products Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. | 6.8 |
2021-01-04 | CVE-2020-25275 | Improper Input Validation vulnerability in multiple products Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts. | 5.0 |
2021-01-04 | CVE-2020-24386 | An issue was discovered in Dovecot before 2.3.13. | 4.9 |
2020-12-30 | CVE-2019-15523 | Unchecked Return Value vulnerability in multiple products An issue was discovered in LINBIT csync2 through 2.0. | 5.0 |
2020-12-20 | CVE-2020-35573 | Resource Exhaustion vulnerability in multiple products srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address. | 5.0 |
2020-12-18 | CVE-2020-35480 | Information Exposure vulnerability in multiple products An issue was discovered in MediaWiki before 1.35.1. | 5.0 |
2020-12-18 | CVE-2020-35479 | Cross-Site Scripting vulnerability in multiple products MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. | 4.3 |
2020-12-18 | CVE-2020-35477 | Improper Input Validation vulnerability in multiple products MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. | 5.0 |
2020-12-18 | CVE-2020-35475 | Improper Encoding OR Escaping of Output vulnerability in multiple products In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. | 5.0 |