Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2020-11-02 CVE-2020-28037 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation).
network
low complexity
wordpress fedoraproject debian CWE-754
critical
 9.8
9.8
2020-11-02 CVE-2020-28036 Missing Authorization vulnerability in multiple products
wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post.
network
low complexity
wordpress fedoraproject debian CWE-862
critical
 9.8
9.8
2020-11-02 CVE-2020-28035 WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC.
network
low complexity
wordpress fedoraproject debian
critical
 9.8
9.8
2020-11-02 CVE-2020-28034 Cross-site Scripting vulnerability in multiple products
WordPress before 5.5.2 allows XSS associated with global variables.
network
low complexity
wordpress fedoraproject debian CWE-79
6.1
6.1
2020-11-02 CVE-2020-28033 WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed.
network
low complexity
wordpress fedoraproject debian
7.5
7.5
2020-11-02 CVE-2020-28032 Deserialization of Untrusted Data vulnerability in multiple products
WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php.
network
low complexity
wordpress fedoraproject debian CWE-502
critical
 9.8
9.8
2020-11-02 CVE-2020-28030 Infinite Loop vulnerability in multiple products
In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash.
network
low complexity
wireshark debian fedoraproject CWE-835
7.5
7.5
2020-10-29 CVE-2020-14323 NULL Pointer Dereference vulnerability in multiple products
A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1.
local
low complexity
samba opensuse fedoraproject debian CWE-476
5.5
5.5
2020-10-27 CVE-2020-15238 Argument Injection or Modification vulnerability in multiple products
Blueman is a GTK+ Bluetooth Manager.
local
high complexity
blueman-project debian fedoraproject CWE-88
7.0
7.0
2020-10-23 CVE-2020-27216 In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system.
local
high complexity
eclipse netapp oracle apache debian
7.0
7.0