Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2020-03-24 CVE-2020-6072 Double Free vulnerability in multiple products
An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0.
network
low complexity
videolabs debian CWE-415
7.5
7.5
2020-03-24 CVE-2020-6071 Uncontrolled Recursion vulnerability in multiple products
An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0.
network
low complexity
videolabs debian CWE-674
5.0
5.0
2020-03-24 CVE-2020-10941 Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.
network
high complexity
arm fedoraproject debian
5.9
5.9
2020-03-24 CVE-2020-10938 Integer Overflow or Wraparound vulnerability in multiple products
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
network
low complexity
graphicsmagick debian opensuse CWE-190
7.5
7.5
2020-03-24 CVE-2020-9359 KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.
local
low complexity
kde debian fedoraproject
5.3
5.3
2020-03-24 CVE-2020-10684 Missing Authorization vulnerability in multiple products
A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean.
local
low complexity
redhat debian fedoraproject CWE-862
7.1
7.1
2020-03-23 CVE-2020-1944 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers.
network
low complexity
apache debian CWE-444
critical
 9.8
9.8
2020-03-23 CVE-2019-17565 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding.
network
low complexity
apache debian CWE-444
critical
 9.8
9.8
2020-03-23 CVE-2019-17559 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing.
network
low complexity
apache debian CWE-444
critical
 9.8
9.8
2020-03-23 CVE-2020-8866 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22.
network
low complexity
horde debian CWE-434
6.5
6.5