Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:debian:debian_linux:9.0
There are 1,851 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-25219

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.

Published: September 09, 2020; 5:15:11 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-24977

GNOME project libxml2 v2.9.10 and earlier have a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 8e7c20a1 (20910-GITv2.9.10-103-g8e7c20a1).

Published: September 03, 2020; 8:15:10 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 6.4 MEDIUM
CVE-2020-7729

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.

Published: September 03, 2020; 5:15:10 AM -0400
V3.1: 7.1 HIGH
V2.0: 4.6 MEDIUM
CVE-2020-14350

It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.

Published: August 24, 2020; 9:15:10 AM -0400
V3.1: 7.3 HIGH
V2.0: 4.4 MEDIUM
CVE-2020-7923

A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects: MongoDB Inc. MongoDB Server v4.5 versions prior to 4.5.1; v4.4 versions prior to 4.4.0-rc7; v4.2 versions prior to 4.2.8; v4.0 versions prior to 4.0.19.

Published: August 21, 2020; 11:15:13 AM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-24368

Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2.

Published: August 19, 2020; 11:15:12 AM -0400
V3.1: 7.5 HIGH
V2.0: 4.3 MEDIUM
CVE-2020-16304

A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51.

Published: August 12, 2020; 11:15:14 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-16302

A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.

Published: August 12, 2020; 11:15:13 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-12674

In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.

Published: August 12, 2020; 12:15:11 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-12673

In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.

Published: August 12, 2020; 12:15:11 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-12100

In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.

Published: August 12, 2020; 12:15:11 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-16135

libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.

Published: July 29, 2020; 5:15:13 PM -0400
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-16117

In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.

Published: July 29, 2020; 2:15:14 PM -0400
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-15954

KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.

Published: July 27, 2020; 3:15:11 AM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-15890

LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled.

Published: July 21, 2020; 6:15:12 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-14928

evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."

Published: July 17, 2020; 12:15:11 PM -0400
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.

Published: July 17, 2020; 12:15:11 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-10756

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.

Published: July 09, 2020; 12:15:13 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-8163

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.

Published: July 02, 2020; 3:15:12 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-15393

In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.

Published: June 29, 2020; 6:15:10 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW