Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-04-10 | CVE-2018-3838 | An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability. | Debian_linux, Sdl_image | 6.5 | ||
| 2019-10-08 | CVE-2019-17349 | An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation. | Debian_linux, Xen | 5.5 | ||
| 2019-10-17 | CVE-2019-17669 | WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters. | Debian_linux, Wordpress | 9.8 | ||
| 2019-10-17 | CVE-2019-17671 | In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled. | Debian_linux, Wordpress | 5.3 | ||
| 2019-10-17 | CVE-2019-17672 | WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements. | Debian_linux, Wordpress | 6.1 | ||
| 2019-10-17 | CVE-2019-17674 | WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer. | Debian_linux, Wordpress | 5.4 | ||
| 2019-10-17 | CVE-2019-17675 | WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF. | Debian_linux, Wordpress | 8.8 | ||
| 2018-04-24 | CVE-2017-12081 | An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability. | Blender, Debian_linux | 7.8 | ||
| 2018-04-24 | CVE-2018-3836 | An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability. | Debian_linux, Leptonica | 7.8 | ||
| 2018-05-26 | CVE-2018-11490 | The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact. | Ubuntu_linux, Debian_linux, Giflib, Sam2p | 8.8 |