Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-01-28 | CVE-2020-8086 | The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin. | Debian_linux, Mod_auth_ldap, Mod_auth_ldap2 | N/A | ||
| 2019-12-03 | CVE-2015-7542 | A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates. | Gwenhywfar, Debian_linux, Leap | N/A | ||
| 2020-01-27 | CVE-2015-0294 | GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. | Debian_linux, Gnutls, Enterprise_linux | N/A | ||
| 2020-01-27 | CVE-2015-0244 | PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation. | Debian_linux, Postgresql | N/A | ||
| 2020-01-27 | CVE-2015-0243 | Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | Debian_linux, Postgresql | N/A | ||
| 2020-01-27 | CVE-2015-0242 | Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function. | Debian_linux, Postgresql | N/A | ||
| 2020-01-27 | CVE-2015-0241 | The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow. | Debian_linux, Postgresql | N/A | ||
| 2020-01-27 | CVE-2014-8161 | PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message. | Debian_linux, Postgresql | N/A | ||
| 2018-01-14 | CVE-2018-5686 | In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file. | Mupdf, Debian_linux | N/A | ||
| 2020-01-15 | CVE-2020-2655 | Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This... | Debian_linux, Jdk, Jre, Enterprise_linux | N/A |