Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-04-30 | CVE-2020-11025 | In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated user. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). | Debian_linux, Wordpress | N/A | ||
| 2018-07-26 | CVE-2018-0618 | Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | Debian_linux, Mailman | 5.4 | ||
| 2018-07-10 | CVE-2018-1116 | A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure. | Ubuntu_linux, Debian_linux, Polkit | N/A | ||
| 2018-05-30 | CVE-2018-11235 | In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed,... | Ubuntu_linux, Debian_linux, Git, Git, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation | 7.8 | ||
| 2018-01-29 | CVE-2016-10711 | Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751. | Pound, Debian_linux | 9.8 | ||
| 2017-06-01 | CVE-2017-6512 | Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. | Ubuntu_linux, Debian_linux, File\:\:path | N/A | ||
| 2015-05-12 | CVE-2015-3451 | The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function. | Ubuntu_linux, Debian_linux, Fedora, Opensuse, Xml\-Libxml | N/A | ||
| 2018-10-31 | CVE-2018-18873 | An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c. | Ubuntu_linux, Debian_linux, Jasper, Linux_enterprise_desktop, Linux_enterprise_server | N/A | ||
| 2016-02-12 | CVE-2016-2073 | The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document. | Ubuntu_linux, Debian_linux, Libxml2 | N/A | ||
| 2020-04-15 | CVE-2020-11729 | An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful. | Andrew\'s_web_libraries, Debian_linux | N/A |