Vulnerabilities > Debian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-28 | CVE-2020-35738 | Integer Overflow or Wraparound vulnerability in multiple products WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. | 6.1 |
| 2020-12-27 | CVE-2020-35728 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). | 8.1 |
| 2020-12-24 | CVE-2020-28169 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM. | 6.9 |
| 2020-12-21 | CVE-2020-35605 | The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message. | 7.5 |
| 2020-12-20 | CVE-2020-35573 | Excessive Iteration vulnerability in multiple products srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address. | 5.0 |
| 2020-12-18 | CVE-2020-35480 | Information Exposure Through Discrepancy vulnerability in multiple products An issue was discovered in MediaWiki before 1.35.1. | 5.3 |
| 2020-12-18 | CVE-2020-35479 | Cross-site Scripting vulnerability in multiple products MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. | 6.1 |
| 2020-12-18 | CVE-2020-35477 | Always-Incorrect Control Flow Implementation vulnerability in multiple products MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. | 5.3 |
| 2020-12-18 | CVE-2020-35475 | Cross-site Scripting vulnerability in multiple products In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. | 7.5 |
| 2020-12-17 | CVE-2020-35491 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. | 6.8 |