Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2020-12-24 CVE-2020-28169 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM.
local
high complexity
td-agent-builder-project debian CWE-732
7.0
7.0
2020-12-20 CVE-2020-35573 Excessive Iteration vulnerability in multiple products
srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address.
network
low complexity
postsrsd-project debian CWE-834
7.5
7.5
2020-12-18 CVE-2020-35475 Cross-site Scripting vulnerability in multiple products
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML.
network
low complexity
mediawiki debian fedoraproject CWE-79
7.5
7.5
2020-12-17 CVE-2020-35491 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
8.1
2020-12-17 CVE-2020-35490 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
8.1
2020-12-16 CVE-2020-29363 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in p11-kit 0.23.6 through 0.23.21.
network
low complexity
p11-kit-project debian oracle CWE-787
7.5
7.5
2020-12-16 CVE-2020-29361 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in p11-kit 0.21.1 through 0.23.21.
network
low complexity
p11-kit-project debian CWE-190
7.5
7.5
2020-12-16 CVE-2020-26258 XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject
7.7
7.7
2020-12-15 CVE-2020-29481 Improper Privilege Management vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-269
8.8
8.8
2020-12-15 CVE-2020-29479 Missing Authorization vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-862
8.8
8.8