Debian

Debian Linux

9144 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2020-4051

  • EPSS 0.16%
  • Published 15.06.2020 22:15:09
  • Last modified 21.11.2024 05:32:13

In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and le...

7.5

CVE-2020-14148

  • EPSS 1.82%
  • Published 15.06.2020 18:15:15
  • Last modified 21.11.2024 05:02:44

The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function.

7.7

CVE-2020-14147

  • EPSS 0.27%
  • Published 15.06.2020 18:15:14
  • Last modified 21.11.2024 05:02:44

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly ...

7.1

CVE-2020-14152

  • EPSS 0.51%
  • Published 15.06.2020 17:15:10
  • Last modified 21.11.2024 05:02:45

In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.

5.9

CVE-2020-14093

  • EPSS 2.12%
  • Published 15.06.2020 05:15:11
  • Last modified 21.11.2024 05:02:36

Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.

8.1

CVE-2020-14061

  • EPSS 6.31%
  • Published 14.06.2020 20:15:10
  • Last modified 27.08.2025 21:15:35

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, o...

8.1

CVE-2020-14062

  • EPSS 7.71%
  • Published 14.06.2020 20:15:10
  • Last modified 21.11.2024 05:02:28

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).

5.4

CVE-2020-4046

  • EPSS 6.85%
  • Published 12.06.2020 16:15:10
  • Last modified 21.11.2024 05:32:12

In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this coul...

6.8

CVE-2020-4047

  • EPSS 5.57%
  • Published 12.06.2020 16:15:10
  • Last modified 21.11.2024 05:32:13

In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privilege...

5.7

CVE-2020-4048

  • EPSS 3.5%
  • Published 12.06.2020 16:15:10
  • Last modified 21.11.2024 05:32:13

In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the ...