• git://
#Vulnerabilities 7427
Date Id Summary Products Score Patch Annotated
2019-12-27 CVE-2019-20041 wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring. Debian_linux, Wordpress 9.8
2022-10-19 CVE-2022-41742 NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4... Debian_linux, Nginx, Nginx_ingress_controller, Fedora 7.1
2022-11-08 CVE-2022-39377 sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1. Debian_linux, Fedora, Sysstat 9.8
2021-07-13 CVE-2021-34552 Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. Debian_linux, Fedora, Pillow 9.8
2022-01-10 CVE-2022-22815 path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. Debian_linux, Pillow 6.5
2022-01-10 CVE-2022-22816 path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. Debian_linux, Pillow 6.5
2022-01-10 CVE-2022-22817 PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used, Debian_linux, Pillow 9.8
2022-09-14 CVE-2022-40674 libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. Debian_linux, Libexpat 9.8
2020-04-01 CVE-2020-6096 An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this... Debian_linux, Fedora, Glibc 8.1
2020-07-27 CVE-2020-12460 OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag. Debian_linux, Fedora, Opendmarc 9.8