Vulnerabilities > Debian > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-06 | CVE-2020-36181 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. | 8.1 |
2021-01-06 | CVE-2020-8265 | Use After Free vulnerability in multiple products Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. | 8.1 |
2021-01-05 | CVE-2020-27844 | Improper Input Validation vulnerability in multiple products A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. | 7.8 |
2021-01-04 | CVE-2020-25275 | Improper Input Validation vulnerability in multiple products Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts. | 7.5 |
2020-12-27 | CVE-2020-35728 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). | 8.1 |
2020-12-21 | CVE-2020-35605 | The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message. | 7.5 |
2020-12-18 | CVE-2020-35475 | Cross-site Scripting vulnerability in multiple products In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. | 7.5 |
2020-12-16 | CVE-2020-29361 | Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in p11-kit 0.21.1 through 0.23.21. | 7.5 |
2020-12-16 | CVE-2020-26258 | Server-Side Request Forgery (SSRF) vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. | 7.7 |
2020-12-15 | CVE-2020-29481 | Improper Privilege Management vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 8.8 |