Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-12-08 | CVE-2014-3616 | nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks. | Debian_linux, Nginx | N/A | ||
| 2016-06-07 | CVE-2016-4450 | os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. | Ubuntu_linux, Debian_linux, Nginx | 7.5 | ||
| 2019-11-19 | CVE-2011-4968 | nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM) | Debian_linux, Nginx | 4.8 | ||
| 2007-05-10 | CVE-2007-2583 | The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. | Ubuntu_linux, Debian_linux, Mysql | N/A | ||
| 2018-06-26 | CVE-2018-12895 | WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the wp-includes/post.php wp_delete_attachment function. The attacker must have capabilities for files and posts that are normally available only to the Author, Editor, and Administrator roles. The attack methodology is... | Debian_linux, Wordpress | 8.8 | ||
| 2021-01-04 | CVE-2020-35965 | decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. | Debian_linux, Ffmpeg | 7.5 | ||
| 2021-05-26 | CVE-2020-22015 | Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code. | Debian_linux, Ffmpeg | 8.8 | ||
| 2021-05-26 | CVE-2020-22019 | Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service. | Debian_linux, Ffmpeg | 6.5 | ||
| 2021-05-26 | CVE-2020-22021 | Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service. | Debian_linux, Ffmpeg | 6.5 | ||
| 2021-05-26 | CVE-2020-22026 | Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service. | Debian_linux, Ffmpeg | 6.5 |