Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-04-17 | CVE-2018-10191 | In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code. | Debian_linux, Mruby | 9.8 | ||
| 2018-06-05 | CVE-2018-11743 | The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact. | Debian_linux, Mruby | 9.8 | ||
| 2018-06-12 | CVE-2018-12249 | An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class_real because "class BasicObject" is not properly supported in class.c. | Debian_linux, Mruby | 7.5 | ||
| 2018-07-17 | CVE-2018-14337 | The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length. | Debian_linux, Mruby | 7.5 | ||
| 2018-03-14 | CVE-2018-8098 | Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file. | Debian_linux, Libgit2 | 6.5 | ||
| 2018-08-18 | CVE-2018-15501 | In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS. | Debian_linux, Libgit2 | 7.5 | ||
| 2019-09-17 | CVE-2019-16394 | SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers. | Ubuntu_linux, Debian_linux, Spip | 5.3 | ||
| 2019-11-12 | CVE-2019-18848 | The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string. | Debian_linux, Json\-Jwt | 7.5 | ||
| 2019-12-17 | CVE-2019-19830 | _core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database. | Ubuntu_linux, Debian_linux, Spip | 6.5 | ||
| 2020-04-02 | CVE-2020-11494 | An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4. | Ubuntu_linux, Debian_linux, Linux_kernel, Leap | 4.4 |