Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-07-26 | CVE-2018-10900 | Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root. | Debian_linux, Network_manager_vpnc | 7.8 | ||
2018-12-02 | CVE-2018-19787 | An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146. | Ubuntu_linux, Debian_linux, Lxml | 6.1 | ||
2019-02-17 | CVE-2016-10742 | Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter. | Debian_linux, Zabbix | 6.1 | ||
2018-12-07 | CVE-2018-5800 | An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash. | Ubuntu_linux, Debian_linux, Libraw, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 6.5 | ||
2017-02-09 | CVE-2017-5848 | The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing. | Debian_linux, Gstreamer, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.5 | ||
2017-02-09 | CVE-2017-5847 | The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors. | Debian_linux, Gstreamer | 7.5 | ||
2015-01-16 | CVE-2014-9496 | The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read. | Ubuntu_linux, Debian_linux, Libsndfile, Opensuse, Solaris | N/A | ||
2008-01-18 | CVE-2007-6427 | The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. | Mac_os_x, Ubuntu_linux, Debian_linux, Fedora, Opensuse, Linux, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Open_enterprise_server, X_server | N/A | ||
2018-06-21 | CVE-2018-12617 | qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket. | Ubuntu_linux, Debian_linux, Qemu | 7.5 | ||
2018-07-10 | CVE-2018-1128 | It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. | Debian_linux, Leap, Ceph, Ceph_storage, Ceph_storage_mon, Ceph_storage_osd, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 7.5 |