Note:
This project will be discontinued after December 13, 2021.
Product:
Debian_linux (Debian)

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-07-11 | CVE-2019-10193 | A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer. | Ubuntu_linux, Debian_linux, Communications_operations_monitor, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Openstack, Redis | 7.2 | ||
2019-12-16 | CVE-2019-16779 | In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult to purposefully exploit this. | Debian_linux, Excon, Backports_sle, Leap | 5.9 | ||
2020-06-19 | CVE-2020-8167 | A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. | Debian_linux, Rails | 6.5 | ||
2021-09-16 | CVE-2020-21533 | fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c. | Debian_linux, Fig2dev | 5.5 | ||
2021-09-16 | CVE-2020-21534 | fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c. | Debian_linux, Fig2dev | 5.5 | ||
2021-10-12 | CVE-2021-42326 | Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter. | Debian_linux, Redmine | 5.3 | ||
2017-08-08 | CVE-2017-12678 | In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. | Debian_linux, Taglib | 8.8 | ||
2017-09-03 | CVE-2017-14121 | The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references. | Debian_linux, Unrar | 5.5 | ||
2021-10-11 | CVE-2021-25633 | LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to combine multiple certificate data, which when opened caused... | Debian_linux, Libreoffice | 7.5 | ||
2021-10-12 | CVE-2021-25634 | LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue... | Debian_linux, Libreoffice | 7.5 | ||