Product:

Debian_linux

(Debian)
Repositories https://github.com/torvalds/linux
https://github.com/WordPress/WordPress
https://github.com/rdesktop/rdesktop
https://github.com/FFmpeg/FFmpeg
https://github.com/neomutt/neomutt
https://github.com/FasterXML/jackson-databind
https://github.com/ImageMagick/ImageMagick
https://github.com/redmine/redmine
https://github.com/rubygems/rubygems
https://github.com/dbry/WavPack
https://github.com/krb5/krb5
https://github.com/bcgit/bc-java
https://github.com/kyz/libmspack
https://github.com/libgd/libgd
https://github.com/gpac/gpac
https://github.com/mantisbt/mantisbt
https://github.com/newsoft/libvncserver
https://github.com/ceph/ceph
https://github.com/uriparser/uriparser
https://github.com/FreeRDP/FreeRDP
https://github.com/LibRaw/LibRaw
https://github.com/verdammelt/tnef
https://github.com/ARMmbed/mbedtls
https://github.com/LibVNC/libvncserver
https://github.com/libgit2/libgit2
https://github.com/mdadams/jasper
https://github.com/openssl/openssl
https://github.com/OTRS/otrs
https://github.com/Perl/perl5
https://github.com/php/php-src
https://github.com/antirez/redis
https://github.com/Yeraze/ytnef
https://github.com/inspircd/inspircd
https://github.com/python-pillow/Pillow
https://github.com/perl5-dbi/DBD-mysql
https://github.com/libevent/libevent
https://github.com/ntp-project/ntp
https://github.com/kamailio/kamailio
https://github.com/vadz/libtiff
https://github.com/curl/curl
https://github.com/dovecot/core
https://github.com/szukw000/openjpeg
https://github.com/memcached/memcached
https://github.com/libjpeg-turbo/libjpeg-turbo
https://github.com/mm2/Little-CMS
https://github.com/znc/znc
https://github.com/uclouvain/openjpeg
https://github.com/horde/horde
https://github.com/mono/mono
https://github.com/weechat/weechat
https://github.com/cyu/rack-cors
https://github.com/git/git
https://github.com/mysql/mysql-server
https://github.com/Exim/exim
https://github.com/GNOME/nautilus
https://github.com/varnishcache/varnish-cache
https://github.com/inverse-inc/sogo
https://github.com/phusion/passenger
https://github.com/openssh/openssh-portable
https://github.com/codehaus-plexus/plexus-archiver
https://github.com/karelzak/util-linux
https://git.kernel.org/pub/scm/git/git.git
https://github.com/apple/cups
https://github.com/shadowsocks/shadowsocks-libev
https://github.com/simplesamlphp/simplesamlphp
https://github.com/GNOME/evince
https://github.com/torproject/tor
https://github.com/beanshell/beanshell
https://github.com/derickr/timelib
https://github.com/libarchive/libarchive
https://github.com/openbsd/src
https://git.savannah.gnu.org/git/patch.git
https://github.com/puppetlabs/puppet
https://github.com/dom4j/dom4j
https://github.com/golang/go
https://github.com/sleuthkit/sleuthkit
https://github.com/zhutougg/c3p0
https://github.com/flori/json
https://github.com/symfony/symfony
https://github.com/akrennmair/newsbeuter
https://github.com/eldy/awstats
https://github.com/libyal/libevt
https://github.com/jcupitt/libvips
https://github.com/paramiko/paramiko
https://github.com/simplesamlphp/saml2
https://github.com/DanBloomberg/leptonica
https://github.com/anymail/django-anymail
https://github.com/mpv-player/mpv
https://github.com/python/cpython
https://github.com/lxml/lxml
https://github.com/TeX-Live/texlive-source
https://github.com/ImageMagick/ImageMagick6
https://github.com/resiprocate/resiprocate
https://github.com/vim-syntastic/syntastic
https://github.com/gosa-project/gosa-core
https://github.com/Cisco-Talos/clamav-devel
https://github.com/GNOME/librsvg
https://github.com/apache/httpd
https://github.com/viewvc/viewvc
https://github.com/moinwiki/moin-1.9
https://github.com/mapserver/mapserver
https://github.com/splitbrain/dokuwiki
https://github.com/heimdal/heimdal
https://github.com/openstack/swauth
https://github.com/bottlepy/bottle
https://github.com/charybdis-ircd/charybdis
https://github.com/westes/flex
https://github.com/mjg59/pupnp-code
https://github.com/collectd/collectd
https://github.com/django/django
https://git.videolan.org/git/vlc.git
https://github.com/atheme/atheme
https://github.com/jpirko/libndp
https://github.com/fragglet/lhasa
https://github.com/neovim/neovim
https://github.com/Quagga/quagga
https://github.com/rohe/pysaml2
https://github.com/varnish/Varnish-Cache
https://github.com/PHPMailer/PHPMailer
https://github.com/Automattic/Genericons
https://github.com/jmacd/xdelta-devel
https://github.com/file/file
https://github.com/ellson/graphviz
https://github.com/axkibe/lsyncd
https://github.com/quassel/quassel
https://github.com/yarolig/didiwiki
https://github.com/jquery/jquery-ui
#Vulnerabilities 3832
Date ID Summary Products Score Patch
2020-05-19 CVE-2020-8617 Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state... Debian_linux, Bind N/A
2020-05-19 CVE-2020-8616 A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit... Debian_linux, Bind N/A
2020-05-15 CVE-2020-3810 Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. Apt, Debian_linux N/A
2020-02-24 CVE-2020-1935 In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. Tomcat, Debian_linux N/A
2020-03-12 CVE-2020-1739 A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs. Debian_linux, Fedora, Ansible, Ansible_tower, Cloudforms_management_engine, Openstack N/A
2020-03-11 CVE-2020-1733 A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target... Debian_linux, Fedora, Ansible, Ansible_tower, Cloudforms_management_engine, Openstack N/A
2020-04-30 CVE-2020-11652 An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users. Debian_linux, Leap, Salt N/A
2020-04-30 CVE-2020-11651 An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions. Debian_linux, Leap, Salt N/A
2020-04-17 CVE-2020-11868 ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. Debian_linux, All_flash_fabric\-Attached_storage_8300_firmware, All_flash_fabric\-Attached_storage_8700_firmware, All_flash_fabric\-Attached_storage_a400_firmware, Clustered_data_ontap, Data_ontap, Fabric\-Attached_storage_8300_firmware, Fabric\-Attached_storage_8700_firmware, Fabric\-Attached_storage_a400_firmware, Hci_management_node, Hci_storage_node_firmware, Solidfire, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Ntp, Enterprise_linux N/A
2019-01-03 CVE-2018-16876 ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data. Ubuntu_linux, Debian_linux, Ansible, Ansible_engine, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Openstack, Package_hub N/A