Vulnerabilities > Debian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-25 | CVE-2020-29074 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user. | 8.8 |
| 2020-11-25 | CVE-2020-25650 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. | 5.5 |
| 2020-11-24 | CVE-2020-26237 | Modification of Assumed-Immutable Data (MAID) vulnerability in multiple products Highlight.js is a syntax highlighter written in JavaScript. | 8.7 |
| 2020-11-24 | CVE-2020-25654 | An ACL bypass flaw was found in pacemaker. | 7.2 |
| 2020-11-24 | CVE-2020-28928 | Out-of-bounds Write vulnerability in multiple products In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). | 5.5 |
| 2020-11-23 | CVE-2020-28984 | prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters. | 7.5 |
| 2020-11-23 | CVE-2020-25696 | Permissive Whitelist vulnerability in multiple products A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. | 7.5 |
| 2020-11-23 | CVE-2020-28896 | Insufficiently Protected Credentials vulnerability in multiple products Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. | 2.6 |
| 2020-11-23 | CVE-2020-0569 | Out-of-bounds Write vulnerability in multiple products Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. | 5.7 |
| 2020-11-23 | CVE-2019-14587 | Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 3.3 |