Filtered by vendor Debian
Subscribe
Total
9332 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25600 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2023-11-07 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones. 32-bit x86 domains can use only 1023 channels, due to limited space in their shared (between guest and Xen) information structure, whereas all other domains can use up to 4095 in this model. The recording of the respective limit during domain initialization, however, has occurred at a time where domains are still deemed to be 64-bit ones, prior to actually honoring respective domain properties. At the point domains get recognized as 32-bit ones, the limit didn't get updated accordingly. Due to this misbehavior in Xen, 32-bit domains (including Domain 0) servicing other domains may observe event channel allocations to succeed when they should really fail. Subsequent use of such event channels would then possibly lead to corruption of other parts of the shared info structure. An unprivileged guest may cause another domain, in particular Domain 0, to misbehave. This may lead to a Denial of Service (DoS) for the entire system. All Xen versions from 4.4 onwards are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only x86 32-bit domains servicing other domains are vulnerable. Arm systems, as well as x86 64-bit domains, are not vulnerable. | |||||
| CVE-2020-26570 | 3 Debian, Fedoraproject, Opensc Project | 3 Debian Linux, Fedora, Opensc | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file. | |||||
| CVE-2020-25669 | 3 Debian, Linux, Netapp | 21 Debian Linux, Linux Kernel, Cloud Backup and 18 more | 2023-11-07 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free. | |||||
| CVE-2020-25685 | 4 Arista, Debian, Fedoraproject and 1 more | 4 Eos, Debian Linux, Fedora and 1 more | 2023-11-07 | 4.3 MEDIUM | 3.7 LOW |
| A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. | |||||
| CVE-2020-25668 | 3 Debian, Linux, Netapp | 26 Debian Linux, Linux Kernel, 500f and 23 more | 2023-11-07 | 6.9 MEDIUM | 7.0 HIGH |
| A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. | |||||
| CVE-2020-25687 | 3 Debian, Fedoraproject, Thekelleys | 3 Debian Linux, Fedora, Dnsmasq | 2023-11-07 | 7.1 HIGH | 5.9 MEDIUM |
| A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-26880 | 3 Debian, Fedoraproject, Sympa | 3 Debian Linux, Fedora, Sympa | 2023-11-07 | 7.2 HIGH | 7.8 HIGH |
| Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable. | |||||
| CVE-2020-26418 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Zfs Storage Appliance Kit and 1 more | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. | |||||
| CVE-2020-27670 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2023-11-07 | 6.9 MEDIUM | 7.8 HIGH |
| An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated. | |||||
| CVE-2020-24616 | 4 Debian, Fasterxml, Netapp and 1 more | 25 Debian Linux, Jackson-databind, Active Iq Unified Manager and 22 more | 2023-11-07 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). | |||||
| CVE-2020-25275 | 3 Debian, Dovecot, Fedoraproject | 3 Debian Linux, Dovecot, Fedora | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts. | |||||
| CVE-2020-25681 | 3 Debian, Fedoraproject, Thekelleys | 3 Debian Linux, Fedora, Dnsmasq | 2023-11-07 | 8.3 HIGH | 8.1 HIGH |
| A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-26558 | 5 Bluetooth, Debian, Fedoraproject and 2 more | 34 Bluetooth Core Specification, Debian Linux, Fedora and 31 more | 2023-11-07 | 4.3 MEDIUM | 4.2 MEDIUM |
| Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time. | |||||
| CVE-2020-26575 | 4 Debian, Fedoraproject, Oracle and 1 more | 5 Debian Linux, Fedora, Zfs Storage Appliance and 2 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement. | |||||
| CVE-2020-24654 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-11-07 | 4.3 MEDIUM | 3.3 LOW |
| In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. | |||||
| CVE-2020-25682 | 3 Debian, Fedoraproject, Thekelleys | 3 Debian Linux, Fedora, Dnsmasq | 2023-11-07 | 8.3 HIGH | 8.1 HIGH |
| A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-25713 | 3 Debian, Fedoraproject, Librdf | 3 Debian Linux, Fedora, Raptor Rdf Syntax Library | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common. | |||||
| CVE-2020-25674 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68. | |||||
| CVE-2020-27171 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-11-07 | 3.6 LOW | 6.0 MEDIUM |
| An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. | |||||
| CVE-2020-26298 | 2 Debian, Redcarpet Project | 2 Debian Linux, Redcarpet | 2023-11-07 | 3.5 LOW | 5.4 MEDIUM |
| Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit. | |||||