Note: This project will be discontinued after December 13, 2021.
Product: Debian_linux (Debian)

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-06-30 | CVE-2019-13112 | A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file. | Ubuntu_linux, Debian_linux, Exiv2, Fedora | 6.5 | ||
2019-06-30 | CVE-2019-13114 | http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character. | Ubuntu_linux, Debian_linux, Exiv2, Fedora | 6.5 | ||
2019-07-01 | CVE-2019-13117 | In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character. | Ubuntu_linux, Debian_linux, Fedora, Leap, Openjdk, Libxslt | 5.3 | ||
2019-07-01 | CVE-2019-12781 | An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP. | Ubuntu_linux, Debian_linux, Django | 5.3 | ||
2019-07-01 | CVE-2019-13135 | ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c. | Ubuntu_linux, Debian_linux, Big-Ip_application_acceleration_manager, Big-Ip_webaccelerator, Imagemagick | 8.8 | ||
2019-07-02 | CVE-2019-12594 | DOSBox 0.74-2 has Incorrect Access Control. | Debian_linux, Dosbox | 9.8 | ||
2019-07-03 | CVE-2019-7165 | A buffer overflow in DOSBox 0.74-2 allows attackers to execute arbitrary code. | Debian_linux, Dosbox, Fedora | 9.8 | ||
2019-07-04 | CVE-2019-13232 | Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue. | Debian_linux, Unzip | 3.3 | ||
2019-07-05 | CVE-2019-13345 | The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter. | Debian_linux, Squid | 6.1 | ||
2019-07-10 | CVE-2019-13224 | A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. | Ubuntu_linux, Debian_linux, Fedora, Oniguruma, Php | 9.8 | ||