Product:

Debian_linux

(Debian)
Repositories https://github.com/torvalds/linux
https://github.com/WordPress/WordPress
https://github.com/rdesktop/rdesktop
https://github.com/FFmpeg/FFmpeg
https://github.com/neomutt/neomutt
https://github.com/FasterXML/jackson-databind
https://github.com/ImageMagick/ImageMagick
https://github.com/redmine/redmine
https://github.com/rubygems/rubygems
https://github.com/dbry/WavPack
https://github.com/krb5/krb5
https://github.com/bcgit/bc-java
https://github.com/kyz/libmspack
https://github.com/libgd/libgd
https://github.com/gpac/gpac
https://github.com/mantisbt/mantisbt
https://github.com/newsoft/libvncserver
https://github.com/ceph/ceph
https://github.com/uriparser/uriparser
https://github.com/FreeRDP/FreeRDP
https://github.com/LibRaw/LibRaw
https://github.com/verdammelt/tnef
https://github.com/ARMmbed/mbedtls
https://github.com/LibVNC/libvncserver
https://github.com/libgit2/libgit2
https://github.com/mdadams/jasper
https://github.com/openssl/openssl
https://github.com/OTRS/otrs
https://github.com/Perl/perl5
https://github.com/php/php-src
https://github.com/antirez/redis
https://github.com/Yeraze/ytnef
https://github.com/inspircd/inspircd
https://github.com/python-pillow/Pillow
https://github.com/perl5-dbi/DBD-mysql
https://github.com/libevent/libevent
https://github.com/ntp-project/ntp
https://github.com/kamailio/kamailio
https://github.com/vadz/libtiff
https://github.com/curl/curl
https://github.com/dovecot/core
https://github.com/szukw000/openjpeg
https://github.com/memcached/memcached
https://github.com/libjpeg-turbo/libjpeg-turbo
https://github.com/mm2/Little-CMS
https://github.com/znc/znc
https://github.com/uclouvain/openjpeg
https://github.com/horde/horde
https://github.com/mono/mono
https://github.com/libyal/libevt
https://github.com/weechat/weechat
https://github.com/cyu/rack-cors
https://github.com/git/git
https://github.com/mysql/mysql-server
https://github.com/Exim/exim
https://github.com/GNOME/nautilus
https://github.com/varnishcache/varnish-cache
https://github.com/inverse-inc/sogo
https://github.com/phusion/passenger
https://github.com/openssh/openssh-portable
https://github.com/codehaus-plexus/plexus-archiver
https://github.com/karelzak/util-linux
https://git.kernel.org/pub/scm/git/git.git
https://github.com/apple/cups
https://github.com/shadowsocks/shadowsocks-libev
https://github.com/simplesamlphp/simplesamlphp
https://github.com/GNOME/evince
https://github.com/torproject/tor
https://github.com/beanshell/beanshell
https://github.com/derickr/timelib
https://github.com/libarchive/libarchive
https://github.com/openbsd/src
https://git.savannah.gnu.org/git/patch.git
https://github.com/puppetlabs/puppet
https://github.com/dom4j/dom4j
https://github.com/golang/go
https://github.com/sleuthkit/sleuthkit
https://github.com/zhutougg/c3p0
https://github.com/flori/json
https://github.com/symfony/symfony
https://github.com/akrennmair/newsbeuter
https://github.com/eldy/awstats
https://github.com/jcupitt/libvips
https://github.com/paramiko/paramiko
https://github.com/simplesamlphp/saml2
https://github.com/DanBloomberg/leptonica
https://github.com/anymail/django-anymail
https://github.com/mpv-player/mpv
https://github.com/python/cpython
https://github.com/lxml/lxml
https://github.com/TeX-Live/texlive-source
https://github.com/ImageMagick/ImageMagick6
https://github.com/resiprocate/resiprocate
https://github.com/vim-syntastic/syntastic
https://github.com/gosa-project/gosa-core
https://github.com/Cisco-Talos/clamav-devel
https://github.com/GNOME/librsvg
https://github.com/apache/httpd
https://github.com/viewvc/viewvc
https://github.com/moinwiki/moin-1.9
https://github.com/mapserver/mapserver
https://github.com/splitbrain/dokuwiki
https://github.com/heimdal/heimdal
https://github.com/openstack/swauth
https://github.com/bottlepy/bottle
https://github.com/charybdis-ircd/charybdis
https://github.com/westes/flex
https://github.com/mjg59/pupnp-code
https://github.com/collectd/collectd
https://github.com/django/django
https://git.videolan.org/git/vlc.git
https://github.com/atheme/atheme
https://github.com/jpirko/libndp
https://github.com/fragglet/lhasa
https://github.com/neovim/neovim
https://github.com/Quagga/quagga
https://github.com/rohe/pysaml2
https://github.com/varnish/Varnish-Cache
https://github.com/PHPMailer/PHPMailer
https://github.com/Automattic/Genericons
https://github.com/jmacd/xdelta-devel
https://github.com/file/file
https://github.com/ellson/graphviz
https://github.com/axkibe/lsyncd
https://github.com/quassel/quassel
https://github.com/yarolig/didiwiki
https://github.com/jquery/jquery-ui
#Vulnerabilities 3871
Date ID Summary Products Score Patch
2020-06-08 CVE-2020-13696 An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated... Debian_linux, Xawtv, Backports_sle, Leap N/A
2020-06-04 CVE-2020-13777 GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application. Ubuntu_linux, Debian_linux, Fedora, Gnutls N/A
2019-12-23 CVE-2019-17563 When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability. Tomcat, Ubuntu_linux, Debian_linux, Leap N/A
2017-08-07 CVE-2015-7871 Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. Debian_linux, Clustered_data_ontap, Data_ontap, Oncommand_balance, Oncommand_performance_manager, Oncommand_unified_manager, Ntp N/A
2017-08-07 CVE-2015-7855 The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. Debian_linux, Clustered_data_ontap, Data_ontap, Oncommand_balance, Oncommand_performance_manager, Oncommand_unified_manager, Ntp N/A
2017-08-07 CVE-2015-7852 ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. Debian_linux, Clustered_data_ontap, Data_ontap, Oncommand_balance, Oncommand_performance_manager, Oncommand_unified_manager, Ntp, Linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation N/A
2017-08-07 CVE-2015-7850 ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file. Debian_linux, Clustered_data_ontap, Data_ontap, Oncommand_balance, Oncommand_performance_manager, Oncommand_unified_manager, Ntp N/A
2017-08-07 CVE-2015-7704 The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. Xenserver, Debian_linux, Enterprise_security_manager, Clustered_data_ontap, Data_ontap, Oncommand_performance_manager, Oncommand_unified_manager, Ntp, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation N/A
2017-07-24 CVE-2015-7703 The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command. Debian_linux, Clustered_data_ontap, Data_ontap, Oncommand_performance_manager, Oncommand_unified_manager, Ntp, Linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation N/A
2017-08-07 CVE-2015-7702 The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. Debian_linux, Clustered_data_ontap, Data_ontap, Oncommand_performance_manager, Oncommand_unified_manager, Ntp, Linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation N/A