Note:
This project will be discontinued after December 13, 2021.
Product: Debian_linux (Debian)

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-01-21 | CVE-2020-7040 | storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.) | Ubuntu_linux, Debian_linux, Backports_sle, Leap, Storebackup | 8.1 | ||
2020-05-09 | CVE-2020-12767 | exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. | Ubuntu_linux, Debian_linux, Libexif, Leap | 5.5 | ||
2020-05-21 | CVE-2020-13112 | An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. | Ubuntu_linux, Debian_linux, Libexif, Leap | 9.1 | ||
2020-07-06 | CVE-2020-15569 | PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destructor. | Debian_linux, Milkytracker | 5.5 | ||
2020-07-10 | CVE-2020-11061 | In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10. | Bareos, Debian_linux | 7.4 | ||
2020-07-15 | CVE-2019-17637 | In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences. | Debian_linux, Web_tools_platform | 7.1 | ||
2020-08-12 | CVE-2020-17446 | asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder. | Debian_linux, Asyncpg | 9.8 | ||
2020-08-16 | CVE-2020-24361 | SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec. | Debian_linux, Snmptt | 9.8 | ||
2020-09-11 | CVE-2019-20917 | An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server. | Debian_linux, Inspircd | 6.5 | ||
2021-04-06 | CVE-2021-30130 | phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification. | Debian_linux, Phpseclib | 7.5 | ||