Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2020-05-21 CVE-2020-6464 Type Confusion vulnerability in multiple products
Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian opensuse CWE-843
8.8
2020-05-21 CVE-2020-6463 Use After Free vulnerability in multiple products
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8
2020-05-21 CVE-2020-6459 Use After Free vulnerability in multiple products
Use after free in payments in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian CWE-416
8.8
2020-05-21 CVE-2020-6458 Out-of-bounds Write vulnerability in multiple products
Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
network
low complexity
google debian CWE-787
8.8
2020-05-20 CVE-2020-9484 Deserialization of Untrusted Data vulnerability in multiple products
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control.
7.0
2020-05-19 CVE-2020-13164 Uncontrolled Recursion vulnerability in multiple products
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash.
network
low complexity
wireshark debian opensuse fedoraproject CWE-674
7.5
2020-05-19 CVE-2020-10995 Resource Exhaustion vulnerability in multiple products
PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks.
network
low complexity
powerdns fedoraproject debian opensuse CWE-400
7.5
2020-05-19 CVE-2020-8616 Resource Exhaustion vulnerability in multiple products
A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral.
network
low complexity
isc debian CWE-400
8.6
2020-05-19 CVE-2020-12663 Infinite Loop vulnerability in multiple products
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
7.5
2020-05-19 CVE-2020-12662 Resource Exhaustion vulnerability in multiple products
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue.
7.5