Vulnerabilities > Debian
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-17 | CVE-2020-8518 | Code Injection vulnerability in multiple products Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution. | 9.8 |
2020-02-13 | CVE-2019-10785 | Cross-site Scripting vulnerability in multiple products dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. | 6.1 |
2020-02-12 | CVE-2020-8955 | Classic Buffer Overflow vulnerability in multiple products irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode). | 9.8 |
2020-02-12 | CVE-2019-19921 | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. | 7.0 |
2020-02-12 | CVE-2014-6262 | Use of Externally-Controlled Format String vulnerability in multiple products Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131. | 5.0 |
2020-02-11 | CVE-2020-1711 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. | 6.0 |
2020-02-11 | CVE-2020-6416 | Improper Input Validation vulnerability in multiple products Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-02-11 | CVE-2020-6415 | Out-of-bounds Write vulnerability in multiple products Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-02-11 | CVE-2020-6408 | Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page. | 6.5 |
2020-02-11 | CVE-2020-6406 | Use After Free vulnerability in multiple products Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |