Filtered by vendor Debian
Subscribe
Total
9288 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12770 | 5 Canonical, Debian, Fedoraproject and 2 more | 36 Ubuntu Linux, Debian Linux, Fedora and 33 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. | |||||
| CVE-2020-12769 | 5 Canonical, Debian, Linux and 2 more | 36 Ubuntu Linux, Debian Linux, Linux Kernel and 33 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8. | |||||
| CVE-2020-12768 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot, the size is negligible, and it can't be triggered at will | |||||
| CVE-2020-12767 | 4 Canonical, Debian, Libexif Project and 1 more | 4 Ubuntu Linux, Debian Linux, Libexif and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. | |||||
| CVE-2020-12695 | 21 Asus, Broadcom, Canon and 18 more | 217 Rt-n11, Adsl, Selphy Cp1200 and 214 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | |||||
| CVE-2020-12693 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 5.1 MEDIUM | 8.1 HIGH |
| Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user. | |||||
| CVE-2020-12674 | 4 Canonical, Debian, Dovecot and 1 more | 4 Ubuntu Linux, Debian Linux, Dovecot and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. | |||||
| CVE-2020-12673 | 4 Canonical, Debian, Dovecot and 1 more | 4 Ubuntu Linux, Debian Linux, Dovecot and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. | |||||
| CVE-2020-12672 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Backports Sle and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c. | |||||
| CVE-2020-12663 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. | |||||
| CVE-2020-12662 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. | |||||
| CVE-2020-12658 | 2 Debian, Gssproxy Project | 2 Debian Linux, Gssproxy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional information provided us (as upstream) to indicate why this would be a problem. | |||||
| CVE-2020-12653 | 4 Debian, Linux, Netapp and 1 more | 35 Debian Linux, Linux Kernel, A700s and 32 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. | |||||
| CVE-2020-12626 | 2 Debian, Roundcube | 2 Debian Linux, Webmail | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered. | |||||
| CVE-2020-12625 | 3 Debian, Opensuse, Roundcube | 4 Debian Linux, Backports Sle, Leap and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message. | |||||
| CVE-2020-12460 | 3 Debian, Fedoraproject, Trusteddomain | 3 Debian Linux, Fedora, Opendmarc | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag. | |||||
| CVE-2020-12402 | 4 Debian, Fedoraproject, Mozilla and 1 more | 4 Debian Linux, Fedora, Firefox and 1 more | 2024-11-21 | 1.2 LOW | 4.4 MEDIUM |
| During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78. | |||||
| CVE-2020-12399 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | 1.2 LOW | 4.4 MEDIUM |
| NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. | |||||
| CVE-2020-12284 | 3 Canonical, Debian, Ffmpeg | 3 Ubuntu Linux, Debian Linux, Ffmpeg | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check. | |||||
| CVE-2020-12279 | 2 Debian, Libgit2 | 2 Debian Linux, Libgit2 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353. | |||||