Vulnerabilities > Debian
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-31 | CVE-2020-5291 | Improper Privilege Management vulnerability in multiple products Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. | 8.5 |
2020-03-31 | CVE-2020-1712 | Use After Free vulnerability in multiple products A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. | 7.8 |
2020-03-31 | CVE-2020-10595 | Classic Buffer Overflow vulnerability in multiple products pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. | 7.5 |
2020-03-31 | CVE-2020-11113 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). | 8.8 |
2020-03-31 | CVE-2020-11112 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). | 8.8 |
2020-03-31 | CVE-2020-11111 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). | 8.8 |
2020-03-27 | CVE-2020-10955 | Missing Authorization vulnerability in multiple products GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders. | 4.0 |
2020-03-27 | CVE-2020-1772 | It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. | 7.5 |
2020-03-27 | CVE-2020-1770 | Information Exposure vulnerability in multiple products Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. | 4.3 |
2020-03-26 | CVE-2020-10969 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. | 8.8 |