Vulnerabilities > Debian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-05 | CVE-2020-15466 | Infinite Loop vulnerability in multiple products In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. | 7.5 |
| 2020-07-02 | CVE-2020-15469 | NULL Pointer Dereference vulnerability in multiple products In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. | 2.1 |
| 2020-07-02 | CVE-2020-8166 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token. | 4.3 |
| 2020-07-02 | CVE-2020-8163 | Code Injection vulnerability in multiple products The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE. | 6.5 |
| 2020-07-02 | CVE-2020-8161 | Path Traversal vulnerability in multiple products A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure. | 8.6 |
| 2020-07-02 | CVE-2020-15503 | Improper Input Validation vulnerability in multiple products LibRaw before 0.20-RC1 lacks a thumbnail size range check. | 7.5 |
| 2020-07-02 | CVE-2020-9498 | Out-of-bounds Write vulnerability in multiple products Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. | 6.7 |
| 2020-07-02 | CVE-2020-9497 | Improper Input Validation vulnerability in multiple products Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. | 4.4 |
| 2020-07-01 | CVE-2020-15476 | Out-of-bounds Read vulnerability in multiple products In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c. | 5.0 |
| 2020-07-01 | CVE-2020-15472 | Out-of-bounds Read vulnerability in multiple products In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short. | 6.4 |