• git://
#Vulnerabilities 2884
Date Id Summary Products Score Patch Annotated
2020-10-02 CVE-2020-7069 In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. Ubuntu_linux, Debian_linux, Fedora, Clustered_data_ontap, Leap, Php 6.5
2020-01-15 CVE-2020-2659 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE... Ubuntu_linux, Debian_linux, Active_iq_unified_manager, E\-Series_performance_analyzer, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services_proxy, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Steelstore_cloud_integrated_storage, Leap, Jdk, Jre, Openjdk, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation 3.7
2019-02-08 CVE-2019-7638 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c. Ubuntu_linux, Debian_linux, Fedora, Simple_directmedia_layer, Leap 8.8
2020-04-23 CVE-2019-20788 libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690. Ubuntu_linux, Libvncserver, Leap 9.8
2020-01-08 CVE-2019-20367 nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab). Ubuntu_linux, Debian_linux, Libbsd, Leap 9.1
2019-10-10 CVE-2019-17455 Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. Ubuntu_linux, Debian_linux, Fedora, Libntlm, Backports_sle, Leap 9.8
2019-12-06 CVE-2019-1551 There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also... Ubuntu_linux, Debian_linux, Fedora, Openssl, Leap, Enterprise_manager_ops_center, Mysql_enterprise_monitor, Peoplesoft_enterprise_peopletools 5.3
2019-02-08 CVE-2019-7635 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. Ubuntu_linux, Debian_linux, Fedora, Simple_directmedia_layer, Backports_sle, Leap 8.1
2019-02-07 CVE-2019-7578 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c. Ubuntu_linux, Debian_linux, Fedora, Simple_directmedia_layer, Leap 8.1
2019-10-14 CVE-2019-17539 In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. Ubuntu_linux, Debian_linux, Ffmpeg 9.8