Debian Security Vulnerabilities (CVEs)

This vulnerability allows a remote attacker to trigger a heap buffer overflow in Chrome's WebAudio component by tricking users into visiting a malicio...

This vulnerability allows an attacker to exploit heap corruption through out-of-bounds memory access in Chrome's developer tools. Attackers can execut...

This is a type confusion vulnerability in Chrome's V8 JavaScript engine that could allow a remote attacker to execute arbitrary code or cause heap cor...

This vulnerability is a type confusion flaw in Chrome's V8 JavaScript engine that allows a remote attacker to potentially exploit heap corruption via ...

CVE-2020-6515 is a use-after-free vulnerability in Google Chrome's tab strip component that allows remote attackers to potentially exploit heap corrup...

CVE-2020-6517 is a heap buffer overflow vulnerability in Google Chrome's history component that allows remote attackers to potentially execute arbitra...

This vulnerability is a buffer overflow in Skia, Chrome's graphics engine, that allows remote attackers to potentially exploit heap corruption via a c...

This vulnerability in Oracle Java SE's 2D component allows unauthenticated attackers to modify critical data in Java deployments that run untrusted co...

This vulnerability in Eclipse Web Tools Platform allows XML External Entity (XXE) attacks even when external entity resolution is disabled in user pre...

This vulnerability in Apache Tomcat allows attackers to cause denial of service by sending WebSocket frames with invalid payload lengths, which trigge...

This vulnerability allows an attacker to craft a malicious TAR archive that causes an infinite loop when processed by Python's tarfile module. This le...

This vulnerability allows remote attackers to cause denial of service through excessive CPU consumption by exploiting a flaw in Samba's NetBIOS over T...

This vulnerability in Xen hypervisor allows x86 Intel HVM guest OS users to potentially cause host OS denial of service or gain privileges due to insu...

A race condition vulnerability in Xen hypervisor allows Intel guest OS users to gain privileges or cause denial of service through non-atomic modifica...

This vulnerability allows any user to crash Samba's AD DC NBT server by sending an empty UDP packet, causing denial of service. It affects all Samba v...

This CVE describes an infinite loop vulnerability in Wireshark's GVCP dissector that can cause denial of service. When processing malicious network pa...

This is a remote code execution vulnerability in Ruby on Rails that allows attackers to execute arbitrary code on vulnerable systems. It affects appli...

CVE-2020-15503 is an integer overflow vulnerability in LibRaw's thumbnail processing code that allows attackers to cause heap-based buffer overflows b...

CVE-2020-4067 is an information disclosure vulnerability in coturn STUN/TURN servers where uninitialized memory buffers allow attackers to leak data f...

This CVE describes a denial-of-service vulnerability in Apache Tomcat's HTTP/2 implementation where specially crafted requests can cause high CPU usag...

This vulnerability in Apache Traffic Server allows attackers to send specially crafted HTTP/2 HEADERS frames that cause excessive memory allocation an...

CVE-2020-12865 is a heap buffer overflow vulnerability in SANE Backends that allows arbitrary code execution. Attackers on the same local network as v...

This CVE affects Alpine email client versions before 2.23, where sending a /tls command during PREAUTH causes the client to silently fall back to inse...

This vulnerability in Ruby on Rails ActiveStorage's S3 adapter allows attackers to modify the Content-Length header during direct file uploads, bypass...

This vulnerability in Rack (Ruby web server interface) allows attackers to forge secure or host-only cookie prefixes due to insufficient validation. T...

CVE-2018-21247 is an information leak vulnerability in LibVNCServer where the ConnectToRFBRepeater function exposes uninitialized memory contents. Thi...

CVE-2019-20840 is a memory corruption vulnerability in LibVNCServer's WebSocket decoding functionality that can cause crashes due to unaligned memory ...

CVE-2020-14397 is a NULL pointer dereference vulnerability in LibVNCServer's rfbregion.c that can cause denial of service (crash) when processing mali...

CVE-2020-14399 is a memory access vulnerability in LibVNCServer where byte-aligned data is accessed through uint32_t pointers, potentially causing mem...

This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. Attackers can exploit the int...

This CVE describes an integer overflow vulnerability in Redis's Lua sandbox that allows authenticated users with Lua execution permissions to trigger ...

This vulnerability in IJG JPEG (libjpeg) allows excessive memory consumption when processing JPEG images. The jpeg_mem_available() function fails to r...

This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. Attackers can exploit the int...

This CVE describes an integer overflow vulnerability in Android's EXIF data parsing library that can cause undefined behavior sanitizer (UBSAN) to abo...

This vulnerability in the Linux kernel allows local attackers with access to DAX-enabled storage to escalate privileges on the system. It affects Linu...

This CVE describes an integer overflow vulnerability in the Linux kernel's keyboard driver (drivers/tty/vt/keyboard.c) that could potentially lead to ...

A heap-based buffer overflow vulnerability in VLC media player's H.264 video processing allows remote attackers to crash the application or execute ar...

CallStranger is a UPnP vulnerability that allows attackers to abuse subscription requests to perform SSRF attacks, port scanning, and DDoS amplificati...

CVE-2020-13871 is a use-after-free vulnerability in SQLite's window function implementation that could allow memory corruption. This affects applicati...

CVE-2020-13848 is a NULL pointer dereference vulnerability in Portable UPnP SDK (libupnp) that allows remote attackers to cause denial of service (cra...

This GnuTLS vulnerability uses incorrect cryptography for session ticket encryption, causing loss of confidentiality in TLS 1.2 and authentication byp...

This is a use-after-free vulnerability in Google Chrome's payments component on macOS that allows a remote attacker to potentially escape Chrome's san...

This vulnerability in FreeRDP allows a malicious server to read and write arbitrary memory when USB redirection is enabled, due to integer overflows i...

CVE-2020-13630 is a use-after-free vulnerability in SQLite's FTS3 extension that can lead to memory corruption and potential code execution. It affect...