Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-09-04 | CVE-2018-10907 | It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution. | Debian_linux, Glusterfs, Leap, Enterprise_linux_server, Virtualization_host | 8.8 | ||
| 2019-01-16 | CVE-2018-20721 | URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address. | Debian_linux, Uriparser | 9.8 | ||
| 2015-11-06 | CVE-2015-6855 | hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash. | Eos, Ubuntu_linux, Debian_linux, Fedora, Qemu, Linux_enterprise_desktop, Linux_enterprise_server | 7.5 | ||
| 2016-02-15 | CVE-2016-0742 | The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. | Xcode, Ubuntu_linux, Debian_linux, Nginx, Leap, Software_collections | 7.5 | ||
| 2017-09-26 | CVE-2017-14737 | A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key. | Botan, Debian_linux | 5.5 | ||
| 2016-02-08 | CVE-2015-7513 | arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions. | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel | 6.5 | ||
| 2018-09-04 | CVE-2018-10930 | A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume. | Debian_linux, Glusterfs, Leap, Enterprise_linux, Enterprise_linux_server, Virtualization, Virtualization_host | 6.5 | ||
| 2021-05-27 | CVE-2020-10729 | A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6. | Debian_linux, Ansible_engine | 5.5 | ||
| 2019-02-18 | CVE-2019-8905 | do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. | Ubuntu_linux, Debian_linux, File, Leap | 4.4 | ||
| 2019-02-20 | CVE-2019-7164 | SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. | Debian_linux, Backports_sle, Leap, Communications_operations_monitor, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Sqlalchemy | 9.8 |