Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2015-02-27 | CVE-2015-1414 | Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory. | Debian_linux, Freebsd, Pfsense | N/A | ||
2019-01-11 | CVE-2019-6133 | In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. | Ubuntu_linux, Debian_linux, Polkit, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 6.7 | ||
2003-07-02 | CVE-2003-0367 | znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. | Debian_linux, Gzip | N/A | ||
2019-04-08 | CVE-2019-11009 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. | Debian_linux, Graphicsmagick, Leap | 8.1 | ||
2007-05-09 | CVE-2007-1864 | Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors. | Ubuntu_linux, Debian_linux, Php, Enterprise_linux_server, Enterprise_linux_workstation | N/A | ||
2019-02-20 | CVE-2018-5819 | An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources. | Debian_linux, Libraw | 7.5 | ||
2019-02-20 | CVE-2018-5817 | A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop. | Debian_linux, Libraw | 7.5 | ||
2018-06-12 | CVE-2018-5814 | In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets. | Ubuntu_linux, Debian_linux, Linux_kernel | 7.0 | ||
2018-08-20 | CVE-2018-15594 | arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. | Ubuntu_linux, Debian_linux, Linux_kernel | 5.5 | ||
2018-09-11 | CVE-2018-10853 | A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest. | Ubuntu_linux, Debian_linux, Linux_kernel | 7.8 |