Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2020-03-31 CVE-2020-5291 Improper Privilege Management vulnerability in multiple products
Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. 		8.5
8.5
2020-03-31 CVE-2020-1712 Use After Free vulnerability in multiple products
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages.
local
low complexity
systemd-project redhat debian CWE-416
7.8
7.8
2020-03-31 CVE-2020-10595 Classic Buffer Overflow vulnerability in multiple products
pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library.
network
low complexity
pam-krb5-project debian CWE-120
7.5
7.5
2020-03-31 CVE-2020-11113 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
network
low complexity
fasterxml debian netapp oracle CWE-502
8.8
8.8
2020-03-31 CVE-2020-11112 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
network
low complexity
fasterxml debian netapp oracle CWE-502
8.8
8.8
2020-03-31 CVE-2020-11111 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
network
low complexity
fasterxml debian netapp oracle CWE-502
8.8
8.8
2020-03-27 CVE-2020-10955 Missing Authorization vulnerability in multiple products
GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.
network
low complexity
gitlab debian CWE-862
4.0
4.0
2020-03-27 CVE-2020-1772 It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords.
network
low complexity
otrs opensuse debian
7.5
7.5
2020-03-27 CVE-2020-1770 Information Exposure vulnerability in multiple products
Support bundle generated files could contain sensitive information that might be unwanted to be disclosed.
network
low complexity
otrs opensuse debian CWE-200
4.3
4.3
2020-03-26 CVE-2020-10969 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
network
low complexity
fasterxml debian netapp oracle CWE-502
8.8
8.8