Debian_linux
(Debian)| Date | ID | Summary | Products | Score | Patch | |
|---|---|---|---|---|---|---|
| 2020-01-28 | CVE-2020-8112 | opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. | Debian_linux, Openjpeg | N/A | ||
| 2019-12-25 | CVE-2019-19966 | In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655. | Debian_linux, Linux_kernel | N/A | ||
| 2019-12-03 | CVE-2019-19527 | In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. | Debian_linux, Linux_kernel | N/A | ||
| 2019-11-21 | CVE-2019-19204 | An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read. | Debian_linux, Fedora, Oniguruma | N/A | ||
| 2019-10-23 | CVE-2019-18281 | An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters. | Debian_linux, Qtbase | N/A | ||
| 2018-09-18 | CVE-2018-1000802 | Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit... | Ubuntu_linux, Debian_linux, Leap, Python | N/A | ||
| 2016-11-10 | CVE-2016-5195 | Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." | Ubuntu_core, Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux, Enterprise_linux_aus, Enterprise_linux_eus, Enterprise_linux_long_life, Enterprise_linux_tus | 7.8 | ||
| 2019-11-25 | CVE-2015-1396 | A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196. | Debian_linux, Patch | N/A | ||
| 2019-12-23 | CVE-2019-17563 | When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability. | Tomcat, Ubuntu_linux, Debian_linux, Leap | N/A | ||
| 2020-01-24 | CVE-2014-4172 | A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java. | \.net_cas_client, Java_cas_client, Phpcas, Debian_linux, Fedora | N/A |