Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2020-11-26 CVE-2020-29130 Out-of-bounds Read vulnerability in multiple products
slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
network
low complexity
libslirp-project debian fedoraproject CWE-125
4.3
4.3
2020-11-26 CVE-2020-29129 Out-of-bounds Read vulnerability in multiple products
ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
network
low complexity
libslirp-project fedoraproject debian CWE-125
4.3
4.3
2020-11-26 CVE-2020-25653 Race Condition vulnerability in multiple products
A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections.
local
high complexity
spice-space debian fedoraproject CWE-362
6.3
6.3
2020-11-26 CVE-2020-25652 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`.
local
low complexity
spice-space debian fedoraproject CWE-770
5.5
5.5
2020-11-26 CVE-2020-25651 Race Condition vulnerability in multiple products
A flaw was found in the SPICE file transfer protocol.
local
high complexity
spice-space debian fedoraproject CWE-362
6.4
6.4
2020-11-25 CVE-2020-29074 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user.
network
low complexity
x11vnc-project fedoraproject debian CWE-732
8.8
8.8
2020-11-25 CVE-2020-25650 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine.
local
low complexity
spice-space debian fedoraproject CWE-770
5.5
5.5
2020-11-24 CVE-2020-26237 Modification of Assumed-Immutable Data (MAID) vulnerability in multiple products
Highlight.js is a syntax highlighter written in JavaScript.
network
low complexity
highlightjs debian oracle CWE-471
8.7
8.7
2020-11-24 CVE-2020-25654 An ACL bypass flaw was found in pacemaker.
network
low complexity
clusterlabs debian
7.2
7.2
2020-11-24 CVE-2020-28928 Out-of-bounds Write vulnerability in multiple products
In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). 		5.5
5.5