Vulnerabilities > Debian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-17 | CVE-2020-14397 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. | 5.0 |
| 2020-06-17 | CVE-2020-14396 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. | 5.0 |
| 2020-06-17 | CVE-2019-20840 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. | 7.5 |
| 2020-06-17 | CVE-2019-20839 | Classic Buffer Overflow vulnerability in multiple products libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. | 7.5 |
| 2020-06-17 | CVE-2018-21247 | Missing Initialization of Resource vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. | 7.5 |
| 2020-06-16 | CVE-2020-14195 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). | 6.8 |
| 2020-06-15 | CVE-2020-4051 | Cross-site Scripting vulnerability in multiple products In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. | 5.4 |
| 2020-06-15 | CVE-2020-14148 | Out-of-bounds Read vulnerability in multiple products The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. | 7.5 |
| 2020-06-15 | CVE-2020-14147 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. | 4.0 |
| 2020-06-15 | CVE-2020-14152 | Resource Exhaustion vulnerability in multiple products In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption. | 7.1 |