Vulnerabilities > Debian > Debian Linux > High
DATE
CVE
VULNERABILITY TITLE
RISK
2020-11-23
CVE-2019-14586
Use After Free vulnerability in multiple products
Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.
low complexity
tianocore
debian
CWE-416
8.0
8.0
2020-11-23
CVE-2019-14575
Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
tianocore
debian
7.8
7.8
2020-11-23
CVE-2019-14563
Incorrect Conversion between Numeric Types vulnerability in multiple products
Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
tianocore
debian
CWE-681
7.8
7.8
2020-11-20
CVE-2020-20740
Out-of-bounds Write vulnerability in multiple products
In PDFResurrect before 0.20, a lack of header validation checks causes a heap-buffer-overflow in pdf_get_version().
local
low complexity
pdfresurrect-project
debian
fedoraproject
CWE-787
7.8
7.8
2020-11-20
CVE-2020-19667
Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.
local
low complexity
imagemagick
debian
CWE-787
7.8
7.8
2020-11-19
CVE-2020-28949
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
local
low complexity
php
debian
fedoraproject
drupal
7.8
7.8
2020-11-19
CVE-2020-28948
Deserialization of Untrusted Data vulnerability in multiple products
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
local
low complexity
php
debian
fedoraproject
drupal
CWE-502
7.8
7.8
2020-11-16
CVE-2020-26217
XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream.
network
low complexity
xstream-project
debian
netapp
apache
oracle
8.8
8.8
2020-11-16
CVE-2020-25695
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24.
network
low complexity
postgresql
debian
8.8
8.8
2020-11-16
CVE-2020-25694
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24.
network
high complexity
postgresql
debian
8.1
8.1