Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-12-14 | CVE-2018-20153 | In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS. | Debian_linux, Wordpress | 5.4 | ||
| 2018-12-14 | CVE-2018-20152 | In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input. | Debian_linux, Wordpress | 6.5 | ||
| 2018-12-14 | CVE-2018-20151 | In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default. | Debian_linux, Wordpress | 7.5 | ||
| 2018-12-14 | CVE-2018-20150 | In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins. | Debian_linux, Wordpress | 6.1 | ||
| 2018-12-14 | CVE-2018-20149 | In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data. | Debian_linux, Wordpress | 5.4 | ||
| 2018-12-14 | CVE-2018-20148 | In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-includes/post.php. | Debian_linux, Wordpress | 9.8 | ||
| 2018-07-23 | CVE-2018-1999010 | FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in cced03dd667a5df6df8fd40d8de0bff477ee02e8 and later. | Debian_linux, Ffmpeg | 9.8 | ||
| 2018-12-11 | CVE-2018-19970 | In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name. | Debian_linux, Phpmyadmin | 6.1 | ||
| 2018-12-11 | CVE-2018-19968 | An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system. | Debian_linux, Phpmyadmin | 6.5 | ||
| 2018-12-08 | CVE-2018-19967 | An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix. | Debian_linux, Xen | 6.5 |