Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-06-30 | CVE-2021-32566 | Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | Traffic_server, Debian_linux | 7.5 | ||
2021-06-30 | CVE-2021-32567 | Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | Traffic_server, Debian_linux | 7.5 | ||
2021-06-30 | CVE-2021-35474 | Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | Traffic_server, Debian_linux | 9.8 | ||
2021-08-05 | CVE-2021-3566 | Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg). | Debian_linux, Ffmpeg | 5.5 | ||
2020-06-03 | CVE-2020-6496 | Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | Debian_linux, Chrome, Backports_sle, Leap | 8.8 | ||
2020-01-27 | CVE-2019-20421 | In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. | Ubuntu_linux, Debian_linux, Exiv2 | 7.5 | ||
2020-03-16 | CVE-2019-20326 | A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file. | Debian_linux, Gthumb, Pix | 7.8 | ||
2020-04-30 | CVE-2020-11028 | In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). | Debian_linux, Wordpress | 7.5 | ||
2021-04-29 | CVE-2021-21417 | fluidsynth is a software synthesizer based on the SoundFont 2 specifications. A use after free violation was discovered in fluidsynth, that can be triggered when loading an invalid SoundFont file. | Debian_linux, Fluidsynth | 5.5 | ||
2020-07-29 | CVE-2020-15707 | Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code... | Ubuntu_linux, Debian_linux, Grub2, Windows_10, Windows_8\.1, Windows_rt_8\.1, Windows_server_2012, Windows_server_2016, Windows_server_2019, Active_iq_unified_manager, Leap, Enterprise_linux, Enterprise_linux_atomic_host, Openshift_container_platform, Suse_linux_enterprise_server | 6.4 |