Shodan
Vulnerabilities
Vulnerable Software
Debian:  >> Debian Linux  Security Vulnerabilities
CVE-2019-14575
Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-11-23
CVE-2019-14562
Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.
CVSS Score
5.5
EPSS Score
0.0
Published
2020-11-23
CVE-2020-20739
im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-11-20
CVE-2020-20740
PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version().
CVSS Score
7.8
EPSS Score
0.004
Published
2020-11-20
CVE-2020-28974
A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.
CVSS Score
5.0
EPSS Score
0.001
Published
2020-11-20
CVE-2020-19667
Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.
CVSS Score
7.8
EPSS Score
0.002
Published
2020-11-20
CVE-2020-28941
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-11-19
CVE-2020-28948
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
CVSS Score
7.8
EPSS Score
0.769
Published
2020-11-19
CVE-2020-28949
Known exploited
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
CVSS Score
7.8
EPSS Score
0.934
Published
2020-11-19
CVE-2019-20933
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
CVSS Score
9.8
EPSS Score
0.94
Published
2020-11-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved