Vulnerabilities > Debian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-20 | CVE-2020-13230 | Improper Preservation of Permissions vulnerability in multiple products In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs). | 4.3 |
| 2020-05-19 | CVE-2020-13164 | Uncontrolled Recursion vulnerability in multiple products In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. | 7.5 |
| 2020-05-19 | CVE-2020-10995 | Resource Exhaustion vulnerability in multiple products PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. | 7.5 |
| 2020-05-19 | CVE-2020-8021 | Improper Privilege Management vulnerability in multiple products a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build Service versions prior to 2.10.5. | 4.3 |
| 2020-05-19 | CVE-2020-8617 | Reachable Assertion vulnerability in multiple products Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. | 5.9 |
| 2020-05-19 | CVE-2020-8616 | Resource Exhaustion vulnerability in multiple products A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. | 8.6 |
| 2020-05-19 | CVE-2020-12663 | Infinite Loop vulnerability in multiple products Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. | 7.5 |
| 2020-05-19 | CVE-2020-12662 | Resource Exhaustion vulnerability in multiple products Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. | 7.5 |
| 2020-05-19 | CVE-2020-12244 | Improper Verification of Cryptographic Signature vulnerability in multiple products An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation. | 7.5 |
| 2020-05-18 | CVE-2020-13143 | Out-of-bounds Read vulnerability in multiple products gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4. | 6.5 |