Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2016-04-07 | CVE-2016-2098 | Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method. | Debian_linux, Rails, Ruby_on_rails | 7.3 | ||
2013-01-13 | CVE-2013-0155 | Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694. | Debian_linux, Rails, Ruby_on_rails | N/A | ||
2019-04-22 | CVE-2019-3902 | A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository. | Debian_linux, Mercurial, Enterprise_linux | 5.9 | ||
2018-11-06 | CVE-2018-9516 | In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580. | Ubuntu_linux, Debian_linux, Android | 7.8 | ||
2018-03-13 | CVE-2018-8087 | Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case. | Ubuntu_linux, Debian_linux, Linux_kernel | 5.5 | ||
2018-12-03 | CVE-2018-19788 | A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. | Ubuntu_linux, Debian_linux, Polkit | 8.8 | ||
2018-11-12 | CVE-2018-19199 | An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication. | Debian_linux, Uriparser | 9.8 | ||
2018-11-12 | CVE-2018-19198 | An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts. | Debian_linux, Uriparser | 9.8 | ||
2018-10-31 | CVE-2018-16842 | Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. | Ubuntu_linux, Debian_linux, Curl | 9.1 | ||
2018-09-07 | CVE-2018-16658 | An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940. | Ubuntu_linux, Debian_linux, Linux_kernel | 6.1 |