Product:

Debian_linux

(Debian)
Repositories https://github.com/torvalds/linux
https://github.com/ImageMagick/ImageMagick
https://github.com/WordPress/WordPress
https://github.com/FFmpeg/FFmpeg
https://github.com/rdesktop/rdesktop
https://github.com/neomutt/neomutt
https://github.com/FasterXML/jackson-databind
https://github.com/the-tcpdump-group/tcpdump
https://github.com/redmine/redmine
https://github.com/rubygems/rubygems
https://github.com/dbry/WavPack
https://github.com/bcgit/bc-java
https://github.com/krb5/krb5
https://github.com/mantisbt/mantisbt
https://github.com/libgd/libgd
https://github.com/kyz/libmspack
https://github.com/gpac/gpac
https://github.com/newsoft/libvncserver
https://github.com/LibRaw/LibRaw
https://github.com/ceph/ceph
https://github.com/php/php-src
https://github.com/uriparser/uriparser
https://github.com/FreeRDP/FreeRDP
https://github.com/verdammelt/tnef
https://github.com/LibVNC/libvncserver
https://github.com/inspircd/inspircd
https://github.com/libgit2/libgit2
https://github.com/Perl/perl5
https://github.com/OTRS/otrs
https://github.com/antirez/redis
https://github.com/ARMmbed/mbedtls
https://github.com/mdadams/jasper
https://github.com/openssl/openssl
https://github.com/Yeraze/ytnef
https://github.com/python-pillow/Pillow
https://github.com/perl5-dbi/DBD-mysql
https://github.com/libevent/libevent
https://github.com/ntp-project/ntp
https://github.com/szukw000/openjpeg
https://github.com/uclouvain/openjpeg
https://github.com/mm2/Little-CMS
https://github.com/memcached/memcached
https://github.com/libjpeg-turbo/libjpeg-turbo
https://github.com/kamailio/kamailio
https://github.com/vadz/libtiff
https://github.com/curl/curl
https://github.com/dovecot/core
https://github.com/znc/znc
https://github.com/horde/horde
https://github.com/mono/mono
https://github.com/lxml/lxml
https://github.com/GStreamer/gst-plugins-ugly
https://github.com/erikd/libsndfile
https://github.com/ruby/openssl
https://github.com/python/cpython
https://github.com/akrennmair/newsbeuter
https://github.com/beanshell/beanshell
https://github.com/paramiko/paramiko
https://github.com/apache/httpd
https://github.com/ImageMagick/ImageMagick6
https://github.com/openssh/openssh-portable
https://github.com/git/git
https://github.com/openbsd/src
• git://git.openssl.org/openssl.git
https://github.com/dom4j/dom4j
https://github.com/weechat/weechat
https://github.com/cyu/rack-cors
https://github.com/mysql/mysql-server
https://github.com/Exim/exim
https://github.com/GNOME/nautilus
https://github.com/varnishcache/varnish-cache
https://github.com/inverse-inc/sogo
https://github.com/phusion/passenger
https://github.com/codehaus-plexus/plexus-archiver
https://github.com/karelzak/util-linux
https://git.kernel.org/pub/scm/git/git.git
https://github.com/apple/cups
https://github.com/shadowsocks/shadowsocks-libev
https://github.com/simplesamlphp/simplesamlphp
https://github.com/GNOME/evince
https://github.com/torproject/tor
https://github.com/derickr/timelib
https://github.com/libarchive/libarchive
https://git.savannah.gnu.org/git/patch.git
https://github.com/puppetlabs/puppet
https://github.com/golang/go
https://github.com/sleuthkit/sleuthkit
https://github.com/zhutougg/c3p0
https://github.com/flori/json
https://github.com/symfony/symfony
https://github.com/eldy/awstats
https://github.com/jcupitt/libvips
https://github.com/simplesamlphp/saml2
https://github.com/DanBloomberg/leptonica
https://github.com/anymail/django-anymail
https://github.com/mpv-player/mpv
https://github.com/TeX-Live/texlive-source
https://github.com/resiprocate/resiprocate
https://github.com/vim-syntastic/syntastic
https://github.com/gosa-project/gosa-core
https://github.com/Cisco-Talos/clamav-devel
https://github.com/GNOME/librsvg
https://github.com/viewvc/viewvc
https://github.com/moinwiki/moin-1.9
https://github.com/mapserver/mapserver
https://github.com/splitbrain/dokuwiki
https://github.com/heimdal/heimdal
https://github.com/openstack/swauth
https://github.com/bottlepy/bottle
https://github.com/charybdis-ircd/charybdis
https://github.com/westes/flex
https://github.com/mjg59/pupnp-code
https://github.com/collectd/collectd
https://github.com/django/django
https://git.videolan.org/git/vlc.git
https://github.com/atheme/atheme
https://github.com/jpirko/libndp
https://github.com/fragglet/lhasa
https://github.com/neovim/neovim
https://github.com/Quagga/quagga
https://github.com/rohe/pysaml2
https://github.com/varnish/Varnish-Cache
https://github.com/PHPMailer/PHPMailer
https://github.com/Automattic/Genericons
https://github.com/jmacd/xdelta-devel
https://github.com/file/file
https://github.com/ellson/graphviz
https://github.com/axkibe/lsyncd
https://github.com/quassel/quassel
https://github.com/yarolig/didiwiki
https://github.com/jquery/jquery-ui
#Vulnerabilities 4419
Date Id Summary Products Score Patch Annotated
2020-08-11 CVE-2020-17368 Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection. Debian_linux, Firejail 9.8
2020-08-11 CVE-2020-17367 Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection. Debian_linux, Firejail 7.8
2020-12-15 CVE-2020-0499 In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070 Debian_linux, Android 4.3
2020-12-12 CVE-2020-35176 In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600. Awstats, Debian_linux 5.3
2020-12-07 CVE-2020-29600 In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501. Awstats, Debian_linux 9.8
2020-12-16 CVE-2020-29363 An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value. Debian_linux, P11\-Kit 7.5
2020-11-03 CVE-2020-16009 Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Debian_linux, Fedora, Chrome, Edge, Edge_chromium, Backports_sle, Leap 8.8
2020-08-12 CVE-2020-12100 In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts. Debian_linux, Dovecot 7.5
2018-05-16 CVE-2018-11212 An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. Ubuntu_linux, Debian_linux, Libjpeg, Oncommand_unified_manager, Oncommand_workflow_automation, Snapmanager, Leap, Jdk, Jre, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Satellite 6.5
2020-04-28 CVE-2020-10663 The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. Debian_linux, Fedora, Json, Leap 7.5