Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-09-23 | CVE-2020-25604 | An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to release a lock that it didn't acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e., a Denial of Service (DoS). All versions of Xen are affected. Only x86 systems are vulnerable. Arm... | Debian_linux, Fedora, Leap, Xen | 4.7 | ||
| 2020-09-27 | CVE-2020-26116 | http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. | Ubuntu_linux, Debian_linux, Fedora, Hci_compute_node, Hci_storage_node, Solidfire, Leap, Zfs_storage_appliance_kit, Python | 7.2 | ||
| 2020-09-30 | CVE-2020-26154 | url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. | Debian_linux, Fedora, Libproxy, Leap | 9.8 | ||
| 2020-09-30 | CVE-2020-25626 | A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability. | Debian_linux, Django_rest_framework, Ceph_storage | 6.1 | ||
| 2020-10-02 | CVE-2020-26519 | Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service. | Mupdf, Debian_linux, Fedora | 5.5 | ||
| 2020-10-02 | CVE-2020-7069 | In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. | Ubuntu_linux, Debian_linux, Fedora, Clustered_data_ontap, Leap, Communications_diameter_signaling_router, Php, Tenable\.sc | 6.5 | ||
| 2020-10-02 | CVE-2020-7070 | In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information. | Ubuntu_linux, Debian_linux, Fedora, Clustered_data_ontap, Leap, Php, Tenable\.sc | 5.3 | ||
| 2020-10-06 | CVE-2020-26570 | The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file. | Debian_linux, Fedora, Opensc | 5.5 | ||
| 2020-10-06 | CVE-2020-26571 | The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init. | Debian_linux, Fedora, Opensc | 5.5 | ||
| 2020-10-06 | CVE-2020-26572 | The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher. | Debian_linux, Fedora, Opensc | 5.5 |