Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-02-05 | CVE-2020-8632 | In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. | Cloud\-Init, Debian_linux, Leap | 5.5 | ||
2020-02-06 | CVE-2016-9928 | MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets. | Ubuntu_linux, Debian_linux, Mcabber | 7.4 | ||
2020-02-17 | CVE-2015-0258 | Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension. | Ubuntu_linux, Debian_linux, Collabtive | 8.8 | ||
2020-02-23 | CVE-2020-9355 | danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled. | Debian_linux, Networkmanager\-Ssh | 9.8 | ||
2020-02-27 | CVE-2020-7062 | In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash. | Ubuntu_linux, Debian_linux, Leap, Php | 7.5 | ||
2020-02-28 | CVE-2019-10064 | hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743. | Debian_linux, Hostapd | 7.5 | ||
2020-03-24 | CVE-2020-10938 | GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. | Debian_linux, Graphicsmagick, Backports, Leap | 9.8 | ||
2020-10-05 | CVE-2019-14558 | Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access. | Debian_linux, Bios | 5.7 | ||
2020-10-07 | CVE-2020-11800 | Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. | Debian_linux, Backports_sle, Leap, Zabbix | 9.8 | ||
2020-11-23 | CVE-2019-14563 | Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | Debian_linux, Edk2 | 7.8 |