Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-01-14 | CVE-2019-6256 | A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp. | Debian_linux, Live555_media_server | 9.8 | ||
2018-01-23 | CVE-2018-5683 | The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. | Ubuntu_linux, Debian_linux, Qemu, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization | N/A | ||
2017-02-27 | CVE-2017-5946 | The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem. | Debian_linux, Rubyzip | N/A | ||
2018-04-23 | CVE-2017-17833 | OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. | Ubuntu_linux, Debian_linux, Bm_nextscale_fan_power_controller, Cmm, Fan_power_controller, Flex_system_fc3171_8gb_san_switch_firmware, Imm1, Imm2, Storage_n3310_firmware, Storage_n4610_firmware, Thinkserver_rd340_firmware, Thinkserver_rd350_firmware, Thinkserver_rd350g_firmware, Thinkserver_rd350x_firmware, Thinkserver_rd440_firmware, Thinkserver_rd450_firmware, Thinkserver_rd450x_firmware, Thinkserver_rd540_firmware, Thinkserver_rd550_firmware, Thinkserver_rd640_firmware, Thinkserver_rd650_firmware, Thinkserver_rq750_firmware, Thinkserver_rs160_firmware, Thinkserver_sd350_firmware, Thinkserver_td340_firmware, Thinkserver_td350_firmware, Thinkserver_ts460_firmware, Thinksystem_hr630x_firmware, Thinksystem_hr650x_firmware, Thinksystem_sr630_firmware, Xclarity_administrator, Openslp, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 9.8 | ||
2016-06-01 | CVE-2016-4454 | The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read. | Ubuntu_linux, Debian_linux, Qemu | N/A | ||
2016-06-01 | CVE-2016-4453 | The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command. | Ubuntu_linux, Debian_linux, Qemu | N/A | ||
2016-05-20 | CVE-2016-4441 | The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command. | Ubuntu_linux, Debian_linux, Qemu | N/A | ||
2016-05-20 | CVE-2016-4439 | The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors. | Ubuntu_linux, Debian_linux, Qemu | N/A | ||
2014-12-03 | CVE-2014-8104 | OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. | Ubuntu_linux, Debian_linux, Mageia, Opensuse, Openvpn, Openvpn_access_server | N/A | ||
2020-04-30 | CVE-2020-11030 | In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). | Debian_linux, Wordpress | N/A |