Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-09-11 | CVE-2019-16220 | In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect. | Debian_linux, Wordpress | 6.1 | ||
2019-09-11 | CVE-2019-16221 | WordPress before 5.2.3 allows reflected XSS in the dashboard. | Debian_linux, Wordpress | 6.1 | ||
2019-09-11 | CVE-2019-16222 | WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks. | Debian_linux, Wordpress | 6.1 | ||
2020-01-21 | CVE-2019-20387 | repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema. | Debian_linux, Libsolv | 7.5 | ||
2022-01-10 | CVE-2022-22815 | path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. | Debian_linux, Pillow | 6.5 | ||
2022-01-10 | CVE-2022-22816 | path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. | Debian_linux, Pillow | 6.5 | ||
2022-06-15 | CVE-2022-21127 | Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | Debian_linux, Sgx_dcap, Sgx_psw, Sgx_sdk, Xen | 5.5 | ||
2021-08-27 | CVE-2021-23434 | This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because the === operator returns always false when the type of the operands is different. | Debian_linux, Object\-Path | 8.6 | ||
2021-09-17 | CVE-2021-3805 | object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | Debian_linux, Object\-Path | 7.5 | ||
2021-12-17 | CVE-2021-23450 | All versions of package dojo are vulnerable to Prototype Pollution via the setObject function. | Debian_linux, Dojo, Communications_policy_management, Primavera_unifier, Weblogic_server | 9.8 |