Vulnerabilities > Debian > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-07 | CVE-2020-15567 | Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. | 7.8 |
2020-07-07 | CVE-2020-15565 | Resource Exhaustion vulnerability in multiple products An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. | 8.8 |
2020-07-06 | CVE-2020-14303 | Excessive Iteration vulnerability in multiple products A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. | 7.5 |
2020-07-05 | CVE-2020-15466 | Infinite Loop vulnerability in multiple products In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. | 7.5 |
2020-07-02 | CVE-2020-8161 | Path Traversal vulnerability in multiple products A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure. | 8.6 |
2020-07-02 | CVE-2020-15503 | Improper Input Validation vulnerability in multiple products LibRaw before 0.20-RC1 lacks a thumbnail size range check. | 7.5 |
2020-06-29 | CVE-2020-4067 | Improper Initialization vulnerability in multiple products In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. | 7.5 |
2020-06-26 | CVE-2020-11996 | A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. | 7.5 |
2020-06-24 | CVE-2020-12865 | Out-of-bounds Write vulnerability in multiple products A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084. | 8.0 |
2020-06-22 | CVE-2020-4031 | Use After Free vulnerability in multiple products In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. | 7.5 |