Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-06-02 | CVE-2020-7663 | websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header. | Ubuntu_linux, Debian_linux, Websocket\-Extensions | 7.5 | ||
2020-06-03 | CVE-2019-20811 | An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c. | Ubuntu_linux, Debian_linux, Linux_kernel | 5.5 | ||
2020-07-06 | CVE-2020-15562 | An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists. | Debian_linux, Webmail | 6.1 | ||
2020-07-21 | CVE-2020-15890 | LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled. | Ubuntu_linux, Debian_linux, Luajit | 7.5 | ||
2022-10-12 | CVE-2021-36369 | An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed. | Debian_linux, Dropbear_ssh | 7.5 | ||
2017-07-27 | CVE-2017-11683 | There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | Ubuntu_linux, Debian_linux, Exiv2 | 6.5 | ||
2021-07-13 | CVE-2020-19716 | A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS). | Debian_linux, Exiv2 | 6.5 | ||
2021-07-18 | CVE-2021-36773 | uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality). | Debian_linux, Nmatrix, Ublock_origin, Umatrix | 7.5 | ||
2021-11-03 | CVE-2021-22960 | The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. | Debian_linux, Llhttp, Graalvm | 6.5 | ||
2022-03-13 | CVE-2022-23960 | Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. | Cortex\-A57_firmware, Cortex\-A65_firmware, Cortex\-A65ae_firmware, Cortex\-A710_firmware, Cortex\-A72_firmware, Cortex\-A73_firmware, Cortex\-A75_firmware, Cortex\-A76_firmware, Cortex\-A76ae_firmware, Cortex\-A77_firmware, Cortex\-A78_firmware, Cortex\-A78ae_firmware, Cortex\-R7_firmware, Cortex\-R8_firmware, Cortex\-X1_firmware, Cortex\-X2_firmware, Neoverse\-E1_firmware, Neoverse\-V1_firmware, Neoverse_n1_firmware, Neoverse_n2_firmware, Debian_linux, Xen | 5.6 |