Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-10-15 | CVE-2017-1002201 | In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code. | Debian_linux, Haml | 6.1 | ||
| 2019-10-29 | CVE-2019-15681 | LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. | Ubuntu_linux, Debian_linux, Libvncserver, Simatic_itc1500_firmware, Simatic_itc1500_pro_firmware, Simatic_itc1900_firmware, Simatic_itc1900_pro_firmware, Simatic_itc2200_firmware, Simatic_itc2200_pro_firmware | 7.5 | ||
| 2018-11-07 | CVE-2018-19052 | An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character. | Debian_linux, Lighttpd, Backports_sle, Leap, Suse_linux_enterprise_server | 7.5 | ||
| 2018-12-19 | CVE-2018-20019 | LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution | Ubuntu_linux, Debian_linux, Libvncserver, Simatic_itc1500_firmware, Simatic_itc1500_pro_firmware, Simatic_itc1900_firmware, Simatic_itc1900_pro_firmware, Simatic_itc2200_firmware, Simatic_itc2200_pro_firmware | 9.8 | ||
| 2019-10-08 | CVE-2019-17340 | An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled. | Debian_linux, Xen | 8.8 | ||
| 2019-10-08 | CVE-2019-17343 | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains. | Debian_linux, Xen | 6.8 | ||
| 2019-10-08 | CVE-2019-17344 | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates. | Debian_linux, Xen | 6.5 | ||
| 2019-10-08 | CVE-2019-17345 | An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest. | Debian_linux, Xen | 6.5 | ||
| 2019-10-17 | CVE-2019-17673 | WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header. | Debian_linux, Wordpress | 7.5 | ||
| 2019-12-03 | CVE-2019-19534 | In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. | Ubuntu_linux, Debian_linux, Linux_kernel | 2.4 |