Latest Debian Security Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-09 | CVE-2020-25219 | Out-Of-Bounds Write vulnerability in multiple products url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. | |
| 2020-09-03 | CVE-2020-7729 | Insecure Default Initialization of Resource vulnerability in multiple products The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML. | |
| 2020-09-02 | CVE-2020-24654 | Path Traversal vulnerability in multiple products In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. | |
| 2020-09-02 | CVE-2020-15811 | Http Request Smuggling vulnerability in multiple products An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. | |
| 2020-09-02 | CVE-2020-15810 | Http Request Smuggling vulnerability in multiple products An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. | |
| 2020-09-02 | CVE-2020-25073 | Exposure of Resource TO Wrong Sphere vulnerability in Debian Freedombox FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service (or from PageKite) is considered a local connection. | |
| 2020-08-31 | CVE-2020-14364 | Out-Of-Bounds Read vulnerability in multiple products An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. | |
| 2020-08-31 | CVE-2020-12829 | Integer Overflow OR Wraparound vulnerability in multiple products In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. | |
| 2020-08-24 | CVE-2020-24606 | Improper Input Validation vulnerability in multiple products Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. | |
| 2020-08-24 | CVE-2020-14350 | Untrusted Search Path vulnerability in multiple products It was found that some PostgreSQL extensions did not use search_path safely in their installation script. |