Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-07-23 | CVE-2018-1999010 | FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in cced03dd667a5df6df8fd40d8de0bff477ee02e8 and later. | Debian_linux, Ffmpeg | 9.8 | ||
| 2018-12-11 | CVE-2018-19970 | In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name. | Debian_linux, Phpmyadmin | 6.1 | ||
| 2018-12-11 | CVE-2018-19968 | An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system. | Debian_linux, Phpmyadmin | 6.5 | ||
| 2018-12-08 | CVE-2018-19967 | An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix. | Debian_linux, Xen | 6.5 | ||
| 2018-11-26 | CVE-2018-19543 | An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c. | Ubuntu_linux, Debian_linux, Jasper, Linux_enterprise_desktop, Linux_enterprise_server | 7.8 | ||
| 2018-11-23 | CVE-2018-19492 | An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend. | Debian_linux, Gnuplot, Leap | 7.8 | ||
| 2018-11-23 | CVE-2018-19491 | An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot postscript terminal is used as a backend. | Debian_linux, Gnuplot, Leap | 7.8 | ||
| 2018-11-12 | CVE-2018-19200 | An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function. | Debian_linux, Uriparser | 7.5 | ||
| 2018-11-11 | CVE-2018-19143 | Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled. | Debian_linux, Open_ticket_request_system | 6.5 | ||
| 2018-11-11 | CVE-2018-19141 | Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled. | Debian_linux, Open_ticket_request_system | 4.8 |