Note: This project will be discontinued after December 13, 2021.
Product: Debian_linux (Debian)

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-01-10 | CVE-2022-22816 | path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. | Debian_linux, Pillow | 6.5 | ||
2022-06-15 | CVE-2022-21127 | Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | Debian_linux, Sgx_dcap, Sgx_psw, Sgx_sdk, Xen | 5.5 | ||
2021-08-27 | CVE-2021-23434 | This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because the === operator returns always false when the type of the operands is different. | Debian_linux, Object-Path | 8.6 | ||
2021-09-17 | CVE-2021-3805 | object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | Debian_linux, Object-Path | 7.5 | ||
2021-12-17 | CVE-2021-23450 | All versions of package dojo are vulnerable to Prototype Pollution via the setObject function. | Debian_linux, Dojo, Communications_policy_management, Primavera_unifier, Weblogic_server | 9.8 | ||
2022-12-13 | CVE-2022-45685 | A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data. | Debian_linux, Jettison | 7.5 | ||
2017-09-13 | CVE-2017-2816 | An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability. | Debian_linux, Libofx | 8.8 | ||
2022-08-30 | CVE-2021-46837 | res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation. | Certified_asterisk, Debian_linux, Asterisk | 6.5 | ||
2018-04-24 | CVE-2017-14448 | An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | Debian_linux, Sdl_image | 8.8 | ||
2020-01-08 | CVE-2019-17023 | After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72. | Ubuntu_linux, Debian_linux, Firefox | 6.5 | ||