Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-07-21 | CVE-2020-15890 | LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled. | Ubuntu_linux, Debian_linux, Luajit | 7.5 | ||
| 2022-10-12 | CVE-2021-36369 | An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed. | Debian_linux, Dropbear_ssh | 7.5 | ||
| 2017-07-27 | CVE-2017-11683 | There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | Ubuntu_linux, Debian_linux, Exiv2 | 6.5 | ||
| 2021-07-13 | CVE-2020-19716 | A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS). | Debian_linux, Exiv2 | 6.5 | ||
| 2021-07-18 | CVE-2021-36773 | uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality). | Debian_linux, Nmatrix, Ublock_origin, Umatrix | 7.5 | ||
| 2021-11-03 | CVE-2021-22960 | The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. | Debian_linux, Llhttp, Graalvm | 6.5 | ||
| 2022-03-13 | CVE-2022-23960 | Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. | Cortex\-A57_firmware, Cortex\-A65_firmware, Cortex\-A65ae_firmware, Cortex\-A710_firmware, Cortex\-A72_firmware, Cortex\-A73_firmware, Cortex\-A75_firmware, Cortex\-A76_firmware, Cortex\-A76ae_firmware, Cortex\-A77_firmware, Cortex\-A78_firmware, Cortex\-A78ae_firmware, Cortex\-R7_firmware, Cortex\-R8_firmware, Cortex\-X1_firmware, Cortex\-X2_firmware, Neoverse\-E1_firmware, Neoverse\-V1_firmware, Neoverse_n1_firmware, Neoverse_n2_firmware, Debian_linux, Xen | 5.6 | ||
| 2017-09-12 | CVE-2017-1000251 | The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space. | Debian_linux, Linux_kernel, Jetson_tk1, Jetson_tx1, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 8.0 | ||
| 2009-08-05 | CVE-2009-2687 | The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353. | Debian_linux, Php | N/A | ||
| 2010-08-20 | CVE-2010-2531 | The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion. | Debian_linux, Php | N/A |