Vulnerabilities > Debian > Debian Linux > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-13 | CVE-2020-5390 | Improper Verification of Cryptographic Signature vulnerability in multiple products PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). | 7.5 |
2020-01-13 | CVE-2020-6851 | Out-of-bounds Write vulnerability in multiple products OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation. | 7.5 |
2020-01-10 | CVE-2020-6377 | Use After Free vulnerability in multiple products Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-01-10 | CVE-2019-13767 | Use After Free vulnerability in multiple products Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-01-09 | CVE-2019-20373 | LTSP LDM through 2.18.06 allows fat-client root access because the LDM_USERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. | 7.2 |
2020-01-06 | CVE-2019-18625 | An issue was discovered in Suricata 5.0.0. | 7.5 |
2020-01-05 | CVE-2019-19911 | Integer Overflow or Wraparound vulnerability in multiple products There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. | 7.5 |
2020-01-03 | CVE-2020-5313 | Out-of-bounds Read vulnerability in multiple products libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. | 7.1 |
2020-01-02 | CVE-2019-20218 | Improper Handling of Exceptional Conditions vulnerability in multiple products selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. | 7.5 |
2019-12-26 | CVE-2019-16789 | HTTP Request Smuggling vulnerability in multiple products In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. | 8.2 |