Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2020-12-04 CVE-2020-27766 Integer Overflow or Wraparound vulnerability in multiple products
A flaw was found in ImageMagick in MagickCore/statistic.c.
local
low complexity
imagemagick debian CWE-190
7.8
2020-12-03 CVE-2020-17527 Information Exposure vulnerability in multiple products
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream.
network
low complexity
apache netapp debian oracle CWE-200
7.5
2020-12-03 CVE-2020-27778 Access of Uninitialized Pointer vulnerability in multiple products
A flaw was found in Poppler in the way certain PDF files were converted into HTML.
network
low complexity
freedesktop redhat debian CWE-824
7.5
2020-12-02 CVE-2020-25638 SQL Injection vulnerability in multiple products
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final.
network
high complexity
hibernate debian quarkus oracle CWE-89
7.4
2020-12-02 CVE-2020-27813 Resource Exhaustion vulnerability in multiple products
An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection.
network
low complexity
gorillatoolkit debian CWE-400
7.5
2020-11-30 CVE-2020-29394 Out-of-bounds Write vulnerability in multiple products
A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in the format argument).
local
low complexity
genivi debian CWE-787
7.8
2020-11-30 CVE-2020-28926 Classic Buffer Overflow vulnerability in multiple products
ReadyMedia (aka MiniDLNA) before version 1.3.0 allows remote code execution.
network
low complexity
readymedia-project debian CWE-120
7.5
2020-11-27 CVE-2020-25708 Divide By Zero vulnerability in multiple products
A divide by zero issue was found to occur in libvncserver-0.9.12.
network
low complexity
libvncserver-project redhat debian CWE-369
7.5
2020-11-25 CVE-2020-29074 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user.
network
low complexity
x11vnc-project fedoraproject debian CWE-732
8.8
2020-11-24 CVE-2020-26237 Modification of Assumed-Immutable Data (MAID) vulnerability in multiple products
Highlight.js is a syntax highlighter written in JavaScript.
network
low complexity
highlightjs debian oracle CWE-471
8.7