13 matches found
DEBIAN-CVE-2020-18771
Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmnint.cpp which can result in an information leak...
DEBIAN-CVE-2020-22020
Buffer Overflow vulnerability in FFmpeg 4.2 in the builddiffmap function in libavfilter/vffieldmatch.c, which could let a remote malicious user cause a Denial of Service...
DEBIAN-CVE-2020-16016
Inappropriate implementation in base in Google Chrome prior to 86.0.4240.193 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...
DEBIAN-CVE-2020-36182
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS...
DEBIAN-CVE-2020-27837
A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more...
DEBIAN-CVE-2020-16005
Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
DEBIAN-CVE-2020-6550
Use after free in IndexedDB in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
DEBIAN-CVE-2020-25559
gnuplot 5.5 is affected by double free when executing printsetoutput. This may result in context-dependent arbitrary code execution...
DEBIAN-CVE-2020-7695
Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers...
DEBIAN-CVE-2020-6513
Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file...
DEBIAN-CVE-2020-13253
sdwpaddr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhciwrite operations. A guest OS user can crash the QEMU process...
DEBIAN-CVE-2020-12768
An issue was discovered in the Linux kernel before 5.6. svmcpuuninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot, the size is negligible, and it can't be triggered at will...
DEBIAN-CVE-2020-9760
An issue was discovered in WeeChat before 2.7.1 0.3.4 to 2.7 are affected. When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick...