Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2021-01-06 CVE-2020-36181 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
network
high complexity
netapp debian oracle fasterxml CWE-502
8.1
2021-01-06 CVE-2020-8265 Use After Free vulnerability in multiple products
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation.
network
high complexity
nodejs debian fedoraproject oracle siemens CWE-416
8.1
2021-01-05 CVE-2020-27844 Improper Input Validation vulnerability in multiple products
A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0.
local
low complexity
uclouvain debian oracle CWE-20
7.8
2021-01-04 CVE-2020-25275 Improper Input Validation vulnerability in multiple products
Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.
network
low complexity
dovecot debian fedoraproject CWE-20
7.5
2020-12-27 CVE-2020-35728 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
network
high complexity
fasterxml debian netapp oracle CWE-502
8.1
2020-12-21 CVE-2020-35605 The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message.
network
low complexity
kitty-project debian
7.5
2020-12-18 CVE-2020-35475 Cross-site Scripting vulnerability in multiple products
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML.
network
low complexity
mediawiki debian fedoraproject CWE-79
7.5
2020-12-16 CVE-2020-29361 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in p11-kit 0.21.1 through 0.23.21.
network
low complexity
p11-kit-project debian CWE-190
7.5
2020-12-16 CVE-2020-26258 Server-Side Request Forgery (SSRF) vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject CWE-918
7.7
2020-12-15 CVE-2020-29481 Improper Privilege Management vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-269
8.8