Vulnerabilities > Debian > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-16 | CVE-2020-26217 | OS Command Injection vulnerability in multiple products XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. | 8.8 |
2020-11-16 | CVE-2020-25695 | SQL Injection vulnerability in multiple products A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. | 8.8 |
2020-11-16 | CVE-2020-25694 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. | 8.1 |
2020-11-10 | CVE-2020-25074 | Path Traversal vulnerability in multiple products The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. | 7.5 |
2020-11-06 | CVE-2017-18926 | Out-of-bounds Write vulnerability in multiple products raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml). | 7.1 |
2020-11-04 | CVE-2020-8037 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. | 7.5 |
2020-11-03 | CVE-2020-16009 | Type Confusion vulnerability in multiple products Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-11-03 | CVE-2020-16008 | Out-of-bounds Write vulnerability in multiple products Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. | 8.8 |
2020-11-03 | CVE-2020-16006 | Out-of-bounds Write vulnerability in multiple products Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-11-03 | CVE-2020-16005 | Improper Handling of Exceptional Conditions vulnerability in multiple products Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |