Vulnerabilities > Debian
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-29 | CVE-2020-11019 | Out-of-bounds Read vulnerability in multiple products In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. | 6.5 |
2020-05-29 | CVE-2020-11018 | Out-of-bounds Read vulnerability in multiple products In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. | 6.5 |
2020-05-29 | CVE-2020-11017 | Double Free vulnerability in multiple products In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. | 6.5 |
2020-05-28 | CVE-2020-11082 | Cross-site Scripting vulnerability in multiple products In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. | 4.3 |
2020-05-28 | CVE-2020-13362 | Out-of-bounds Read vulnerability in multiple products In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. | 3.2 |
2020-05-28 | CVE-2020-13361 | Out-of-bounds Write vulnerability in multiple products In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. | 3.9 |
2020-05-28 | CVE-2019-20807 | OS Command Injection vulnerability in multiple products In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). | 4.6 |
2020-05-27 | CVE-2020-10936 | Improper Privilege Management vulnerability in multiple products Sympa before 6.2.56 allows privilege escalation. | 7.8 |
2020-05-27 | CVE-2020-13632 | NULL Pointer Dereference vulnerability in multiple products ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. | 5.5 |
2020-05-27 | CVE-2020-13630 | Use After Free vulnerability in multiple products ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. | 7.0 |