# Debian Linux: high-risk vulnerabilities

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors / CWE | CVSS |
|---|---|---|---|---|---|---|---|
| 2020-07-01 | CVE-2020-15476 | Out-of-bounds Read vulnerability in multiple products | In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c. | network | low | ntop, debian; CWE-125 | 7.5 |
| 2020-06-29 | CVE-2020-4067 | | In coturn before version 4.5.1.3, there is an issue whereby the STUN/TURN response buffer is not initialized properly. | | | | 7.5 |
| 2020-06-26 | CVE-2020-11996 | | A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. | network | low | apache, canonical, oracle, opensuse, debian, netapp | 7.5 |
| 2020-06-24 | CVE-2020-9494 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products | Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread. | network | low | apache, debian; CWE-770 | 7.5 |
| 2020-06-24 | CVE-2020-12865 | Out-of-bounds Write vulnerability in multiple products | A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084. | | | | 8.0 |
| 2020-06-22 | CVE-2020-4031 | | In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. | network | low | freerdp, fedoraproject, opensuse, canonical, debian | 7.5 |
| 2020-06-19 | CVE-2020-14929 | | Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is less secure than the alternative of closing the connection and letting the user decide what they would like to do. | network | low | alpine-project, fedoraproject, debian | 7.5 |
| 2020-06-19 | CVE-2020-8184 | Improper Input Validation vulnerability in multiple products | A reliance on cookies without a validation/integrity check exists in rack < 2.2.3 and rack < 2.1.4, which makes it possible for an attacker to forge a secure or host-only cookie prefix. | network | low | rack-project, debian, canonical; CWE-20 | 7.5 |
| 2020-06-19 | CVE-2020-8164 | Deserialization of Untrusted Data vulnerability in multiple products | A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3 and rails < 6.0.3.1 which can allow an attacker to supply information that can be inadvertently leaked from Strong Parameters. | network | low | rubyonrails, debian, opensuse; CWE-502 | 7.5 |
| 2020-06-19 | CVE-2020-8162 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products | A client-side enforcement of server-side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 in ActiveStorage's S3 adapter, which allows the Content-Length of a direct file upload to be modified by an end user, bypassing upload limits. | network | low | rubyonrails, debian; CWE-434 | 7.5 |