Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
8867 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-24616 | 4 Debian, Fasterxml, Netapp and 1 more | 25 Debian Linux, Jackson-databind, Active Iq Unified Manager and 22 more | 2024-08-04 | 8.1 High |
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). | ||||
CVE-2020-24586 | 6 Arista, Debian, Ieee and 3 more | 45 C-200, C-200 Firmware, C-230 and 42 more | 2024-08-04 | 3.5 Low |
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data. | ||||
CVE-2020-24587 | 7 Arista, Cisco, Debian and 4 more | 333 C-100, C-100 Firmware, C-110 and 330 more | 2024-08-04 | 2.6 Low |
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. | ||||
CVE-2020-24606 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-08-04 | 8.6 High |
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF. | ||||
CVE-2020-24588 | 9 Arista, Cisco, Debian and 6 more | 351 C-100, C-100 Firmware, C-110 and 348 more | 2024-08-04 | 3.5 Low |
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. | ||||
CVE-2020-24654 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-08-04 | 3.3 Low |
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. | ||||
CVE-2020-24165 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-08-04 | 8.8 High |
An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed as a bug and not a valid security issue by multiple third parties. | ||||
CVE-2020-24489 | 3 Debian, Intel, Redhat | 221 Debian Linux, Atom X5-e3930, Atom X5-e3940 and 218 more | 2024-08-04 | 8.8 High |
Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2020-24512 | 4 Debian, Intel, Netapp and 1 more | 11 Debian Linux, Microcode, Fas\/aff Bios and 8 more | 2024-08-04 | 3.3 Low |
Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
CVE-2020-24511 | 4 Debian, Intel, Netapp and 1 more | 11 Debian Linux, Microcode, Fas\/aff Bios and 8 more | 2024-08-04 | 6.5 Medium |
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
CVE-2020-24513 | 4 Debian, Intel, Redhat and 1 more | 77 Debian Linux, Atom C3308, Atom C3336 and 74 more | 2024-08-04 | 6.5 Medium |
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
CVE-2020-24386 | 4 Debian, Dovecot, Fedoraproject and 1 more | 4 Debian Linux, Dovecot, Fedora and 1 more | 2024-08-04 | 6.8 Medium |
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure). | ||||
CVE-2020-24379 | 3 Canonical, Debian, Yaws | 3 Ubuntu Linux, Debian Linux, Yaws | 2024-08-04 | 9.8 Critical |
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. | ||||
CVE-2020-24361 | 2 Debian, Snmptt | 2 Debian Linux, Snmptt | 2024-08-04 | 9.8 Critical |
SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec. | ||||
CVE-2020-24368 | 3 Debian, Icinga, Suse | 4 Debian Linux, Icinga Web 2, Linux Enterprise and 1 more | 2024-08-04 | 7.5 High |
Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2. | ||||
CVE-2020-23804 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-08-04 | 7.5 High |
Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input. | ||||
CVE-2020-23226 | 2 Cacti, Debian | 2 Cacti, Debian Linux | 2024-08-04 | 6.1 Medium |
Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php. | ||||
CVE-2020-22669 | 2 Debian, Owasp | 2 Debian Linux, Owasp Modsecurity Core Rule Set | 2024-08-04 | 9.8 Critical |
Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications. | ||||
CVE-2020-22035 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-08-04 | 8.8 High |
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row at libavfilter/vf_bm3d.c, which might lead to memory corruption and other potential consequences. | ||||
CVE-2020-22042 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-08-04 | 6.5 Medium |
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfilter/graphparser.c. |