Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-11-29 | CVE-2019-14901 | A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system. | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel | 9.8 | ||
| 2019-12-03 | CVE-2013-4235 | shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees | Debian_linux, Shadow, Fedora, Enterprise_linux | 4.7 | ||
| 2019-12-10 | CVE-2013-2166 | python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass | Debian_linux, Fedora, Python\-Keystoneclient, Openstack | 9.8 | ||
| 2019-12-10 | CVE-2013-2167 | python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass | Debian_linux, Python\-Keystoneclient, Openstack | 9.8 | ||
| 2019-12-13 | CVE-2014-0175 | mcollective has a default password set at install | Debian_linux, Marionette_collective, Openshift | 9.8 | ||
| 2020-01-14 | CVE-2014-7844 | BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address. | Bsd_mailx, Debian_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.8 | ||
| 2020-04-02 | CVE-2019-14868 | In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely. | Mac_os_x, Debian_linux, Ksh | 7.8 | ||
| 2018-11-07 | CVE-2018-19058 | An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file. | Ubuntu_linux, Debian_linux, Poppler, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 6.5 | ||
| 2019-01-01 | CVE-2018-20650 | A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. | Ubuntu_linux, Debian_linux, Poppler, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 6.5 | ||
| 2017-02-18 | CVE-2017-6074 | The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call. | Debian_linux, Linux_kernel | 7.8 |