Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2011-07-28 | CVE-2011-2688 | SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field. | Debian_linux, Mod_authnz_external | N/A | ||
2011-03-29 | CVE-2011-1176 | The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process. | Debian_linux, Mpm\-Itk | N/A | ||
2006-04-25 | CVE-2006-2016 | Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php. | Debian_linux, Phpldapadmin | N/A | ||
2005-05-19 | CVE-2005-1260 | bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). | Mac_os_x, Bzip2, Ubuntu_linux, Debian_linux | N/A | ||
2017-10-17 | CVE-2017-13080 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. | Ubuntu_linux, Debian_linux, Freebsd, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Linux_enterprise_desktop, Linux_enterprise_point_of_sale, Linux_enterprise_server, Openstack_cloud, Hostapd, Wpa_supplicant | 5.3 | ||
2020-01-09 | CVE-2020-5504 | In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server. | Debian_linux, Phpmyadmin, Suse_linux_enterprise_server | 8.8 | ||
2019-12-06 | CVE-2019-19617 | phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php. | Debian_linux, Phpmyadmin | 9.8 | ||
2019-09-24 | CVE-2019-16728 | DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari. | Dompurify, Debian_linux | 6.1 | ||
2018-12-07 | CVE-2018-5802 | An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. | Ubuntu_linux, Debian_linux, Libraw, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 8.8 | ||
2017-06-16 | CVE-2017-9503 | QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing. | Debian_linux, Qemu | 5.5 |