Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2020-12-15 CVE-2020-29479 Missing Authorization vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-862
8.8
2020-12-15 CVE-2020-29569 Use After Free vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x.
local
low complexity
xen linux netapp debian CWE-416
8.8
2020-12-14 CVE-2020-8286 Improper Certificate Validation vulnerability in multiple products
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
7.5
2020-12-14 CVE-2020-8285 Uncontrolled Recursion vulnerability in multiple products
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
7.5
2020-12-14 CVE-2020-8231 Use After Free vulnerability in multiple products
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
network
low complexity
haxx siemens debian oracle splunk CWE-416
7.5
2020-12-14 CVE-2020-8177 Injection vulnerability in multiple products
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
local
low complexity
haxx debian fujitsu siemens splunk CWE-74
7.8
2020-12-14 CVE-2020-8169 Information Exposure vulnerability in multiple products
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
network
low complexity
haxx siemens debian splunk CWE-200
7.5
2020-12-09 CVE-2020-29661 Improper Locking vulnerability in multiple products
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.
7.8
2020-12-08 CVE-2020-27918 Use After Free vulnerability in multiple products
A use after free issue was addressed with improved memory management.
local
low complexity
apple fedoraproject debian webkitgtk CWE-416
7.8
2020-12-07 CVE-2020-29599 XML Injection (aka Blind XPath Injection) vulnerability in multiple products
ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files.
local
low complexity
imagemagick debian CWE-91
7.8