Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2020-11-24 CVE-2020-25654 An ACL bypass flaw was found in pacemaker.
network
low complexity
clusterlabs debian
7.2
2020-11-23 CVE-2020-28984 prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.
network
low complexity
spip debian
7.5
2020-11-23 CVE-2020-25696 Permissive Whitelist vulnerability in multiple products
A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24.
network
high complexity
postgresql debian CWE-183
7.5
2020-11-20 CVE-2020-20740 Out-of-bounds Write vulnerability in multiple products
PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version().
7.8
2020-11-20 CVE-2020-19667 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.
local
low complexity
imagemagick debian CWE-787
7.8
2020-11-19 CVE-2020-28949 Injection vulnerability in multiple products
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
local
low complexity
php debian fedoraproject drupal CWE-74
7.8
2020-11-19 CVE-2020-28948 Deserialization of Untrusted Data vulnerability in multiple products
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
local
low complexity
php debian fedoraproject drupal CWE-502
7.8
2020-11-16 CVE-2020-26217 OS Command Injection vulnerability in multiple products
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream.
network
low complexity
xstream-project debian netapp apache oracle CWE-78
8.8
2020-11-16 CVE-2020-25695 SQL Injection vulnerability in multiple products
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24.
network
low complexity
postgresql debian CWE-89
8.8
2020-11-16 CVE-2020-25694 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24.
network
high complexity
postgresql debian CWE-327
8.1