Debian Security Vulnerabilities (CVEs)

CVE-2019-14586 is a use-after-free vulnerability in EDK II firmware that could allow an authenticated attacker with adjacent network access to execute...

CVE-2019-14563 is an integer truncation vulnerability in EDK II (UEFI firmware) that allows authenticated local users to potentially escalate privileg...

This vulnerability in PDFResurrect before version 0.20 allows attackers to cause a heap buffer overflow via specially crafted PDF files due to insuffi...

This CVE describes a stack-based buffer overflow vulnerability in ImageMagick's XPM image processing function. Attackers can exploit this by crafting ...

CVE-2020-28948 is a deserialization vulnerability in Archive_Tar that allows attackers to execute arbitrary code via PHAR archive exploitation. The vu...

CVE-2020-26217 is a remote code execution vulnerability in XStream that allows attackers to execute arbitrary shell commands by manipulating processed...

This PostgreSQL vulnerability allows man-in-the-middle attacks when client applications reuse basic connection parameters while dropping security para...

CVE-2017-18926 is a heap-based buffer overflow vulnerability in Raptor RDF Syntax Library's XML writer component. It allows attackers to execute arbit...

CVE-2020-8037 is a memory allocation vulnerability in tcpdump's PPP decapsulator that allows attackers to trigger excessive memory consumption through...

This vulnerability is a use-after-free memory corruption flaw in Google Chrome's printing component. It allows remote attackers to potentially execute...

This vulnerability in Chrome's ANGLE graphics engine allows attackers to potentially exploit heap corruption through a malicious HTML page. It affects...

This vulnerability in Google Chrome's installer allows a local attacker to potentially elevate privileges by exploiting insufficient data validation w...

This vulnerability in Chrome's V8 JavaScript engine allows attackers to execute arbitrary code through heap corruption by tricking users into visiting...

This is a use-after-free vulnerability in WebRTC component of Google Chrome that could allow a remote attacker to trigger heap corruption via a crafte...

This vulnerability is a use-after-free flaw in Chrome's autofill feature that allows an attacker who has already compromised the renderer process to p...

This vulnerability in Google Chrome allows a remote attacker who has already compromised the renderer process to bypass the same-origin policy via a c...

This vulnerability is an out-of-bounds write in Chrome's V8 JavaScript engine that allows remote attackers to potentially exploit heap corruption via ...

This vulnerability is a use-after-free memory corruption flaw in Chrome's media component that allows remote attackers to execute arbitrary code or ca...

This integer overflow vulnerability in Chrome's Blink rendering engine allows attackers to bypass site isolation protections. Attackers can craft mali...

This is a use-after-free vulnerability in WebXR (Extended Reality) implementation in Google Chrome on Android. It allows a remote attacker to potentia...

This vulnerability allows a remote attacker who has already compromised Chrome's renderer process to bypass navigation restrictions on Android devices...

This vulnerability allows a local attacker on Android devices to bypass Chrome's navigation restrictions using specially crafted Intents. It affects G...

This vulnerability allows a local attacker on ChromeOS devices to bypass Content Security Policy (CSP) protections by exploiting insufficient data val...

This is a use-after-free vulnerability in Chrome's payments component that allows a remote attacker to potentially escape the browser sandbox via a cr...

This vulnerability is a use-after-free memory corruption flaw in Chrome's WebRTC component. It allows remote attackers to potentially execute arbitrar...

This is a use-after-free vulnerability in Google Chrome's printing component that allows a remote attacker who has already compromised the renderer pr...

This vulnerability in Wireshark's GQUIC protocol dissector allows attackers to cause a denial-of-service crash by sending specially crafted network pa...

CVE-2020-15238 is an argument injection vulnerability in Blueman's D-Bus interface that allows local attackers to execute arbitrary commands with elev...

This vulnerability in Xen hypervisor allows x86 guest OS users to corrupt AMD IOMMU page-table entries during partial updates, potentially leading to ...

CVE-2020-27672 is a race condition vulnerability in Xen hypervisor that leads to use-after-free with superpages. This allows x86 guest OS users to cau...

This vulnerability in fastd (a VPN daemon) allows denial of service through an assertion failure when receiving packets with invalid type codes. Attac...

CVE-2020-9948 is a type confusion vulnerability in Safari's WebKit engine that allows malicious web content to trigger memory corruption. Successful e...

CVE-2020-27153 is a double-free vulnerability in BlueZ's gatttool disconnect_cb() function that allows remote attackers to potentially cause denial of...

This CVE describes a use-after-free vulnerability in the Android kernel's binder driver due to improper locking. It allows local attackers to escalate...

This vulnerability in Wireshark's TCP dissector allows remote attackers to cause a denial of service (crash) by sending specially crafted TCP packets ...

This vulnerability in the Linux kernel's HDLC_PPP module allows memory corruption and read overflow due to improper input validation in the ppp_cp_par...

CVE-2020-15673 is a memory corruption vulnerability in Mozilla Firefox, Thunderbird, and Firefox ESR that could allow attackers to execute arbitrary c...

This is a use-after-free vulnerability in Firefox, Thunderbird, and Firefox ESR that occurs when processing graphical layers during scrolling. An atta...

CVE-2020-15227 is a code injection vulnerability in Nette PHP framework that allows attackers to execute arbitrary code by passing specially crafted p...