#Vulnerabilities 8756
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-03-17 | CVE-2017-6960 | An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer over-read, related to the load_apng function and the imagesize variable. | Apng2gif, Ubuntu_linux, Debian_linux | 7.5 | | |
| 2017-07-08 | CVE-2017-11104 | Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check. | Debian_linux, Knot_dns | 5.9 | | |
| 2018-04-03 | CVE-2018-9240 | ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and another client sends a long chat message, a crash and denial of service could occur. | Ubuntu_linux, Debian_linux, Ncmpc | 7.5 | | |
| 2019-03-11 | CVE-2019-9656 | An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump. | Ubuntu_linux, Debian_linux, Libofx | 8.8 | | |
| 2019-05-22 | CVE-2019-9892 | An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OTRS filesystem. | Debian_linux, Otrs | 6.5 | | |
| 2019-08-01 | CVE-2019-14496 | LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 has a stack-based buffer overflow. | Ubuntu_linux, Debian_linux, Milkytracker | 7.8 | | |
| 2019-08-01 | CVE-2019-14497 | ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker 1.02.00 has a heap-based buffer overflow. | Ubuntu_linux, Debian_linux, Milkytracker | 7.8 | | |
| 2019-12-27 | CVE-2019-20043 | In wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass that. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. | Debian_linux, Wordpress | 4.3 | | |
| 2019-12-30 | CVE-2019-20096 | In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. | Ubuntu_linux, Debian_linux, Linux_kernel | 5.5 | | |
| 2020-01-02 | CVE-2019-20208 | dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based buffer overflow. | Debian_linux, Gpac | 5.5 | | |