Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
8866 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-8244 | 2 Bufferlist Project, Debian | 2 Bufferlist, Debian Linux | 2024-08-04 | 6.5 Medium |
A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls. | ||||
CVE-2020-8265 | 6 Debian, Fedoraproject, Nodejs and 3 more | 7 Debian Linux, Fedora, Node.js and 4 more | 2024-08-04 | 8.1 High |
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits. | ||||
CVE-2020-8231 | 6 Debian, Haxx, Oracle and 3 more | 6 Debian Linux, Libcurl, Communications Cloud Native Core Policy and 3 more | 2024-08-04 | 7.5 High |
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. | ||||
CVE-2020-8184 | 4 Canonical, Debian, Rack Project and 1 more | 5 Ubuntu Linux, Debian Linux, Rack and 2 more | 2024-08-04 | 7.5 High |
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix. | ||||
CVE-2020-8177 | 6 Debian, Fujitsu, Haxx and 3 more | 19 Debian Linux, M10-1, M10-1 Firmware and 16 more | 2024-08-04 | 7.8 High |
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. | ||||
CVE-2020-8159 | 2 Debian, Rubyonrails | 2 Debian Linux, Actionpack Page-caching | 2024-08-04 | 9.8 Critical |
There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view. | ||||
CVE-2020-8165 | 4 Debian, Opensuse, Redhat and 1 more | 5 Debian Linux, Leap, Satellite and 2 more | 2024-08-04 | 9.8 Critical |
A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE. | ||||
CVE-2020-8167 | 3 Debian, Redhat, Rubyonrails | 4 Debian Linux, Satellite, Satellite Capsule and 1 more | 2024-08-04 | 6.5 Medium |
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. | ||||
CVE-2020-8163 | 2 Debian, Rubyonrails | 2 Debian Linux, Rails | 2024-08-04 | 8.8 High |
The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE. | ||||
CVE-2020-8112 | 3 Debian, Redhat, Uclouvain | 4 Debian Linux, Enterprise Linux, Rhel E4s and 1 more | 2024-08-04 | 8.8 High |
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. | ||||
CVE-2020-8161 | 4 Canonical, Debian, Rack Project and 1 more | 5 Ubuntu Linux, Debian Linux, Rack and 2 more | 2024-08-04 | 8.6 High |
A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure. | ||||
CVE-2020-8164 | 4 Debian, Opensuse, Redhat and 1 more | 6 Debian Linux, Backports Sle, Leap and 3 more | 2024-08-04 | 7.5 High |
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters. | ||||
CVE-2020-8166 | 3 Debian, Redhat, Rubyonrails | 4 Debian Linux, Satellite, Satellite Capsule and 1 more | 2024-08-04 | 4.3 Medium |
A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token. | ||||
CVE-2020-8169 | 5 Debian, Haxx, Redhat and 2 more | 7 Debian Linux, Curl, Jboss Core Services and 4 more | 2024-08-04 | 7.5 High |
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). | ||||
CVE-2020-8130 | 6 Canonical, Debian, Fedoraproject and 3 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-08-04 | 6.4 Medium |
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. | ||||
CVE-2020-8162 | 3 Debian, Redhat, Rubyonrails | 4 Debian Linux, Satellite, Satellite Capsule and 1 more | 2024-08-04 | 7.5 High |
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits. | ||||
CVE-2020-8086 | 2 Debian, Prosody | 3 Debian Linux, Mod Auth Ldap, Mod Auth Ldap2 | 2024-08-04 | 9.8 Critical |
The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin. | ||||
CVE-2020-8003 | 2 Debian, Virglrenderer Project | 2 Debian Linux, Virglrenderer | 2024-08-04 | 5.5 Medium |
A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free. | ||||
CVE-2020-8002 | 2 Debian, Virglrenderer Project | 2 Debian Linux, Virglrenderer | 2024-08-04 | 5.5 Medium |
A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a Compute Shader (CS). | ||||
CVE-2020-7919 | 4 Debian, Fedoraproject, Golang and 1 more | 4 Debian Linux, Fedora, Go and 1 more | 2024-08-04 | 7.5 High |
Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate. |