Filtered by vendor Debian
Subscribe
Total
9332 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-22027 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2021-11-05 | 6.8 MEDIUM | 8.8 HIGH |
| A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and other potential consequences. | |||||
| CVE-2020-22023 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2021-11-05 | 6.8 MEDIUM | 8.8 HIGH |
| A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences. | |||||
| CVE-2018-12895 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2021-11-05 | 6.5 MEDIUM | 8.8 HIGH |
| WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the wp-includes/post.php wp_delete_attachment function. The attacker must have capabilities for files and posts that are normally available only to the Author, Editor, and Administrator roles. The attack methodology is to delete wp-config.php and then launch a new installation process to increase the attacker's privileges. | |||||
| CVE-2020-14351 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2021-11-04 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2019-9506 | 8 Apple, Blackberry, Canonical and 5 more | 274 Iphone Os, Mac Os X, Tvos and 271 more | 2021-11-04 | 4.8 MEDIUM | 8.1 HIGH |
| The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. | |||||
| CVE-2019-3795 | 2 Debian, Vmware | 2 Debian Linux, Spring Security | 2021-11-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection. | |||||
| CVE-2018-17937 | 3 Debian, Gpsd Project, Microjson Project | 3 Debian Linux, Gpsd, Microjson | 2021-11-02 | 5.8 MEDIUM | 8.8 HIGH |
| gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs. | |||||
| CVE-2017-7655 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library. | |||||
| CVE-2020-12268 | 3 Artifex, Debian, Opensuse | 3 Jbig2dec, Debian Linux, Leap | 2021-11-02 | 7.5 HIGH | 9.8 CRITICAL |
| jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow. | |||||
| CVE-2018-13982 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files. | |||||
| CVE-2019-16779 | 3 Debian, Excon Project, Opensuse | 4 Debian Linux, Excon, Backports Sle and 1 more | 2021-10-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult to purposefully exploit this. | |||||
| CVE-2019-10131 | 5 Canonical, Debian, Imagemagick and 2 more | 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more | 2021-10-28 | 3.6 LOW | 7.1 HIGH |
| An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program. | |||||
| CVE-2019-10192 | 5 Canonical, Debian, Oracle and 2 more | 10 Ubuntu Linux, Debian Linux, Communications Operations Monitor and 7 more | 2021-10-28 | 6.5 MEDIUM | 7.2 HIGH |
| A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer. | |||||
| CVE-2019-10193 | 5 Canonical, Debian, Oracle and 2 more | 9 Ubuntu Linux, Debian Linux, Communications Operations Monitor and 6 more | 2021-10-28 | 6.5 MEDIUM | 7.2 HIGH |
| A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer. | |||||
| CVE-2020-8167 | 2 Debian, Rubyonrails | 2 Debian Linux, Rails | 2021-10-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. | |||||
| CVE-2020-21534 | 2 Debian, Xfig Project | 2 Debian Linux, Fig2dev | 2021-10-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c. | |||||
| CVE-2020-21533 | 2 Debian, Xfig Project | 2 Debian Linux, Fig2dev | 2021-10-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c. | |||||
| CVE-2021-25634 | 2 Debian, Libreoffice | 2 Debian Linux, Libreoffice | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2. | |||||
| CVE-2021-25633 | 2 Debian, Libreoffice | 2 Debian Linux, Libreoffice | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to combine multiple certificate data, which when opened caused LibreOffice to display a validly signed indicator but whose content was unrelated to the signature shown. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2. | |||||
| CVE-2017-12678 | 2 Debian, Taglib | 2 Debian Linux, Taglib | 2021-10-18 | 6.8 MEDIUM | 8.8 HIGH |
| In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. | |||||