Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-03-15 | CVE-2016-7103 | Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. | Debian_linux, Fedora, Jquery_ui, Junos, Snapcenter, Application_express, Business_intelligence, Hospitality_cruise_fleet_management, Oss_support_tools, Primavera_unifier, Siebel_ui_framework, Weblogic_server, Openstack | 6.1 | ||
| 2013-11-19 | CVE-2013-6629 | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. | Gpl_ghostscript, Ubuntu_linux, Debian_linux, Fedora, Chrome, Libjpeg\-Turbo, Firefox, Firefox_esr, Seamonkey, Thunderbird, Opensuse, Solaris | N/A | ||
| 2014-11-24 | CVE-2010-5312 | Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option. | Drill, Debian_linux, Drupal, Fedora, Jquery_ui, Snapcenter | 6.1 | ||
| 2016-04-13 | CVE-2016-3630 | The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records. | Debian_linux, Fedora, Mercurial, Leap, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_software_development_kit | 8.8 | ||
| 2018-03-16 | CVE-2018-1068 | A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory. | Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization_host | 6.7 | ||
| 2019-01-16 | CVE-2017-3145 | BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1. | Debian_linux, Bind, Junos, Data_ontap_edge, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.5 | ||
| 2020-04-30 | CVE-2020-11027 | In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). | Debian_linux, Wordpress | 8.1 | ||
| 2019-05-22 | CVE-2019-11841 | A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The "Hash" Armor Header specifies the message digest algorithm(s) used for the signature. However, the Go clearsign package ignores the value of this header, which allows an attacker to spoof it.... | Debian_linux, Crypto | 5.9 | ||
| 2018-03-23 | CVE-2018-1000140 | rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate. | Ubuntu_linux, Debian_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Librelp | 9.8 | ||
| 2018-01-10 | CVE-2017-17485 | FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath. | Debian_linux, Jackson\-Databind, E\-Series_santricity_os_controller, E\-Series_santricity_web_services_proxy, Oncommand_shift, Snapcenter, Jboss_enterprise_application_platform, Openshift_container_platform | 9.8 |