Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2017-03-01 | CVE-2017-5974 | Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. | Debian_linux, Zziplib | 5.5 | ||
2017-08-31 | CVE-2016-10510 | Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection mechanism in system/classes/Kohana/Security.php. | Debian_linux, Kohana | 6.1 | ||
2020-10-13 | CVE-2020-25645 | A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. | Ubuntu_linux, Debian_linux, Linux_kernel, Hci_compute_node_bios, Solidfire_\&_hci_management_node, Solidfire_\&_hci_storage_node, Leap | 7.5 | ||
2020-08-11 | CVE-2020-17489 | An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.) | Ubuntu_linux, Debian_linux, Gnome\-Shell, Leap | 4.3 | ||
2017-08-04 | CVE-2017-12424 | In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts. | Debian_linux, Shadow | 9.8 | ||
2010-08-19 | CVE-2010-2520 | Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. | Mac_os_x, Ubuntu_linux, Debian_linux, Freetype | N/A | ||
2010-08-19 | CVE-2010-2497 | Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. | Mac_os_x, Debian_linux, Freetype | N/A | ||
2017-10-05 | CVE-2017-15041 | Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, "go get" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the... | Debian_linux, Go, Developer_tools, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_tus | 9.8 | ||
2019-11-28 | CVE-2019-19318 | In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer, | Ubuntu_linux, Debian_linux, Linux_kernel, Active_iq_unified_manager, Aff_a400_firmware, Aff_a700s_firmware, Data_availability_services, Fas8300_firmware, Fas8700_firmware, H610s_firmware, Hci_management_node, Solidfire, Steelstore_cloud_integrated_storage, Leap | 4.4 | ||
2017-02-15 | CVE-2016-9560 | Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image. | Debian_linux, Jasper, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.8 |