Filtered by vendor Debian
Filtered by product Debian Linux
Total: 8867 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-28243 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2024-08-04 | 7.8 High |
An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create files on the minion in a non-blacklisted directory. | ||||
CVE-2020-28241 | 4 Debian, Fedoraproject, Maxmind and 1 more | 6 Debian Linux, Fedora, Libmaxminddb and 3 more | 2024-08-04 | 6.5 Medium |
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c. | ||||
CVE-2020-28169 | 3 Debian, Microsoft, Td-agent-builder Project | 3 Debian Linux, Windows, Td-agent-builder | 2024-08-04 | 7.0 High |
The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM. | ||||
CVE-2020-28049 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-08-04 | 6.3 Medium |
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation. | ||||
CVE-2020-28036 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-08-04 | 9.8 Critical |
wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. | ||||
CVE-2020-28039 | 3 Canonical, Debian, Wordpress | 3 Ubuntu Linux, Debian Linux, Wordpress | 2024-08-04 | 9.1 Critical |
is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. | ||||
CVE-2020-28033 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-08-04 | 7.5 High |
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. | ||||
CVE-2020-28035 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-08-04 | 9.8 Critical |
WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. | ||||
CVE-2020-28032 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-08-04 | 9.8 Critical |
WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. | ||||
CVE-2020-28040 | 3 Canonical, Debian, Wordpress | 3 Ubuntu Linux, Debian Linux, Wordpress | 2024-08-04 | 4.3 Medium |
WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. | ||||
CVE-2020-28037 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-08-04 | 9.8 Critical |
is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation). | ||||
CVE-2020-28038 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-08-04 | 6.1 Medium |
WordPress before 5.5.2 allows stored XSS via post slugs. | ||||
CVE-2020-28034 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-08-04 | 6.1 Medium |
WordPress before 5.5.2 allows XSS associated with global variables. | ||||
CVE-2020-27813 | 3 Debian, Gorillatoolkit, Redhat | 4 Debian Linux, Websocket, Container Native Virtualization and 1 more | 2024-08-04 | 7.5 High |
An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections. | ||||
CVE-2020-28030 | 3 Debian, Fedoraproject, Wireshark | 3 Debian Linux, Fedora, Wireshark | 2024-08-04 | 7.5 High |
In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. | ||||
CVE-2020-27825 | 4 Debian, Linux, Netapp and 1 more | 9 Debian Linux, Linux Kernel, Cloud Backup and 6 more | 2024-08-04 | 5.7 Medium |
A use-after-free flaw was found in kernel/trace/ring_buffer.c in the Linux kernel (before 5.10-rc1). A race between trace_open and a resize of the CPU buffer running in parallel on different CPUs may cause a denial of service (DoS). This flaw could even allow a local attacker with special user privilege to cause a kernel information leak. | ||||
CVE-2020-27845 | 5 Debian, Fedoraproject, Oracle and 2 more | 5 Debian Linux, Fedora, Outside In Technology and 2 more | 2024-08-04 | 5.5 Medium |
There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability. | ||||
CVE-2020-27918 | 5 Apple, Debian, Fedoraproject and 2 more | 12 Icloud, Ipados, Iphone Os and 9 more | 2024-08-04 | 7.8 High |
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
CVE-2020-27814 | 3 Debian, Redhat, Uclouvain | 3 Debian Linux, Enterprise Linux, Openjpeg | 2024-08-04 | 7.8 High |
A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application. | ||||
CVE-2020-27844 | 3 Debian, Oracle, Uclouvain | 3 Debian Linux, Outside In Technology, Openjpeg | 2024-08-04 | 7.8 High |
A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. |