Debian Security Vulnerabilities (CVEs)

This vulnerability in TigerVNC allows attackers to impersonate any VNC server after a client accepts a TLS certificate exception. When users bypass ce...

A race condition vulnerability in Xen's event channel reset mechanism allows x86 PV guests to potentially escalate privileges to host level, cause hos...

A memory barrier vulnerability in Xen hypervisor event channel handling allows malicious guests to potentially cause hypervisor crashes (DoS) or leak ...

This vulnerability in Xen's PCI passthrough code allows guests with passed-through PCI devices to crash the hypervisor, causing a system-wide denial o...

This vulnerability is a race condition in Chrome's Mojo IPC system that allows an attacker who has already compromised the renderer process to potenti...

This is a use-after-free vulnerability in Chrome's IndexedDB implementation that allows remote attackers to potentially exploit heap corruption. Attac...

This is a use-after-free vulnerability in Chrome's Blink rendering engine that allows remote attackers to potentially exploit heap corruption. Attacke...

This is a use-after-free vulnerability in Chrome's extension system that allows a remote attacker to escape Chrome's sandbox via a malicious extension...

CVE-2020-6556 is a heap buffer overflow vulnerability in SwiftShader, Chrome's software renderer, that allows remote attackers to potentially execute ...

This is a use-after-free vulnerability in Google Chrome's Presentation API that allows remote attackers to potentially exploit heap corruption via a c...

This vulnerability is a type confusion flaw in Chrome's V8 JavaScript engine that allows attackers to potentially access memory outside intended bound...

This vulnerability is a use-after-free memory corruption flaw in Chrome's SCTP implementation that allows remote attackers to potentially execute arbi...

This is a use-after-free vulnerability in Chrome's CSS engine that allows remote attackers to potentially exploit heap corruption via a crafted HTML p...

This vulnerability allows a remote attacker to execute arbitrary code or cause heap corruption via a use-after-free bug in Chrome's WebUSB implementat...

This is a use-after-free vulnerability in Google Chrome's task scheduling component that allows remote attackers to potentially exploit heap corruptio...

This is a use-after-free vulnerability in Chrome's audio component that allows remote attackers to potentially exploit heap corruption via a crafted H...

This vulnerability is a heap buffer overflow in the Skia graphics library used by Google Chrome. It allows a remote attacker who has already compromis...

This vulnerability is a heap buffer overflow in Google Chrome's storage component that allows remote attackers to potentially perform out-of-bounds me...

CVE-2020-15166 is a denial-of-service vulnerability in ZeroMQ where attackers can disrupt message delivery to legitimate clients by connecting raw TCP...

This vulnerability allows remote attackers to cause denial of service in atftpd servers by sending specially crafted RRQ-Multicast requests that trigg...

This CVE describes a Time-of-Check Time-of-Use (TOCTOU) vulnerability in the Linux kernel's NFS client code that allows local attackers to corrupt ker...

This vulnerability in pip allows directory traversal attacks when installing packages from URLs. Attackers can overwrite arbitrary files on the system...

CVE-2020-7729 allows arbitrary code execution in Grunt task runner when processing malicious YAML files. The vulnerability exists because Grunt uses t...

This is a deserialization vulnerability in FasterXML jackson-databind that allows remote code execution when processing untrusted JSON data. It affect...

This vulnerability allows a trusted peer in a Squid proxy cache hierarchy to cause a denial of service by sending a specially crafted Cache Digest res...

This CVE describes a PostgreSQL vulnerability where certain extensions don't properly secure their installation scripts against search_path manipulati...

CVE-2020-8623 is a denial-of-service vulnerability in BIND DNS servers where specially crafted queries can cause the server to crash. Affected systems...

CVE-2020-24368 is a directory traversal vulnerability in Icinga Web2 that allows attackers to read arbitrary files accessible by the Icinga Web2 proce...

CVE-2020-13933 is an authentication bypass vulnerability in Apache Shiro where specially crafted HTTP requests can circumvent authentication mechanism...

CVE-2020-1472 (Zerologon) is a critical authentication bypass vulnerability in Microsoft's Netlogon protocol that allows unauthenticated attackers to ...

A use-after-free vulnerability in GhostScript's XPS image processing allows remote attackers to execute arbitrary code via a malicious PDF file. This ...

This vulnerability in Dovecot email server allows remote attackers to cause denial of service by sending specially crafted emails with deeply nested M...

CVE-2020-12674 is a buffer overflow vulnerability in Dovecot's authentication service where a specially crafted RPA request with zero length causes a ...

CVE-2020-17367 is a command injection vulnerability in Firejail, a Linux sandboxing tool, where the -- end-of-options indicator is not properly honore...

This vulnerability in Apache HTTP Server allows an attacker to cause a denial-of-service (crash) by sending a specially crafted Cache-Digest header in...

This vulnerability in Apache HTTP Server's HTTP/2 module allows concurrent memory pool misuse when trace/debug logging is enabled under specific traff...

This vulnerability in Go's encoding/binary package allows attackers to cause infinite read loops via specially crafted invalid inputs to ReadUvarint a...

CVE-2020-10713 is a buffer overflow vulnerability in GRUB2 bootloader versions before 2.06 that allows attackers with physical or administrative acces...