Filtered by vendor Debian
Subscribe
Total
8236 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-3500 | 4 Aria2 Project, Canonical, Debian and 1 more | 4 Aria2, Ubuntu Linux, Debian Linux and 1 more | 2022-04-06 | 2.1 LOW | 7.8 HIGH |
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file. | |||||
CVE-2017-18359 | 2 Debian, Postgis | 2 Debian Linux, Postgis | 2022-04-06 | 5.0 MEDIUM | 7.5 HIGH |
PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled. | |||||
CVE-2017-5093 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2022-04-06 | 4.3 MEDIUM | 6.5 MEDIUM |
Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page. | |||||
CVE-2017-5109 | 6 Apple, Debian, Google and 3 more | 8 Macos, Debian Linux, Chrome and 5 more | 2022-04-06 | 4.3 MEDIUM | 4.3 MEDIUM |
Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page. | |||||
CVE-2019-9210 | 4 Advancemame, Canonical, Debian and 1 more | 4 Advancecomp, Ubuntu Linux, Debian Linux and 1 more | 2022-04-06 | 6.8 MEDIUM | 7.8 HIGH |
In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.) | |||||
CVE-2019-6690 | 5 Canonical, Debian, Opensuse and 2 more | 6 Ubuntu Linux, Debian Linux, Leap and 3 more | 2022-04-06 | 5.0 MEDIUM | 7.5 HIGH |
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component. | |||||
CVE-2019-7653 | 3 Canonical, Debian, Rdflib Project | 3 Ubuntu Linux, Debian Linux, Rdflib | 2022-04-06 | 7.5 HIGH | 9.8 CRITICAL |
The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts directory. | |||||
CVE-2017-5120 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2022-04-06 | 4.3 MEDIUM | 6.5 MEDIUM |
Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial "www." substring). | |||||
CVE-2017-5111 | 6 Apple, Debian, Google and 3 more | 8 Macos, Debian Linux, Chrome and 5 more | 2022-04-06 | 6.8 MEDIUM | 8.8 HIGH |
A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. | |||||
CVE-2017-5091 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2022-04-06 | 6.8 MEDIUM | 8.8 HIGH |
A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
CVE-2017-5113 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2022-04-06 | 6.8 MEDIUM | 8.8 HIGH |
Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2017-5118 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2022-04-06 | 4.3 MEDIUM | 4.3 MEDIUM |
Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
CVE-2017-5116 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2022-04-06 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |||||
CVE-2017-5121 | 6 Apple, Debian, Google and 3 more | 8 Macos, Debian Linux, Chrome and 5 more | 2022-04-06 | 6.8 MEDIUM | 8.8 HIGH |
Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase. | |||||
CVE-2017-5114 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2022-04-06 | 6.8 MEDIUM | 8.8 HIGH |
Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. | |||||
CVE-2019-12838 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2022-04-06 | 7.5 HIGH | 9.8 CRITICAL |
SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. | |||||
CVE-2019-11358 | 10 Backdropcms, Debian, Drupal and 7 more | 104 Backdrop, Debian Linux, Drupal and 101 more | 2022-04-06 | 4.3 MEDIUM | 6.1 MEDIUM |
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. | |||||
CVE-2020-6393 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2022-04-06 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
CVE-2020-6394 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2022-04-06 | 5.8 MEDIUM | 5.4 MEDIUM |
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
CVE-2017-18635 | 4 Canonical, Debian, Novnc and 1 more | 4 Ubuntu Linux, Debian Linux, Novnc and 1 more | 2022-04-06 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. |