Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2020-10-14 CVE-2020-0423 Improper Locking vulnerability in multiple products
In binder_release_work of binder.c, there is a possible use-after-free due to improper locking.
local
low complexity
google debian CWE-667
7.2
2020-10-07 CVE-2020-26880 Improper Privilege Management vulnerability in multiple products
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.
local
low complexity
sympa fedoraproject debian CWE-269
7.8
2020-10-07 CVE-2020-11800 Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
network
low complexity
zabbix opensuse debian
7.5
2020-10-06 CVE-2020-26575 Infinite Loop vulnerability in multiple products
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop.
network
low complexity
wireshark fedoraproject debian oracle CWE-835
7.5
2020-10-06 CVE-2020-25863 In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash.
network
low complexity
wireshark fedoraproject opensuse debian oracle
7.5
2020-10-06 CVE-2020-25862 Improper Validation of Integrity Check Value vulnerability in multiple products
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash.
7.5
2020-10-06 CVE-2020-15598 Infinite Loop vulnerability in multiple products
Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request.
network
low complexity
trustwave debian CWE-835
7.5
2020-10-06 CVE-2020-25643 Improper Input Validation vulnerability in multiple products
A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7.
7.2
2020-10-01 CVE-2020-15678 Use After Free vulnerability in multiple products
When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free.
network
low complexity
mozilla opensuse debian CWE-416
8.8
2020-10-01 CVE-2020-15227 Code Injection vulnerability in multiple products
Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE.
network
low complexity
nette debian CWE-94
7.5