Filtered by vendor Debian
Subscribe
Total
8236 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13297 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2020-08-19 | 6.8 MEDIUM | 8.8 HIGH |
| ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. | |||||
| CVE-2019-13454 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2020-08-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c. | |||||
| CVE-2019-14981 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2020-08-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file. | |||||
| CVE-2020-11078 | 3 Debian, Fedoraproject, Httplib2 Project | 3 Debian Linux, Fedora, Httplib2 | 2020-08-19 | 4.3 MEDIUM | 6.8 MEDIUM |
| In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0. | |||||
| CVE-2018-7443 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2020-08-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c). | |||||
| CVE-2019-2987 | 4 Debian, Netapp, Oracle and 1 more | 12 Debian Linux, E-series Santricity Os Controller, E-series Santricity Storage Manager and 9 more | 2020-08-18 | 4.3 MEDIUM | 3.7 LOW |
| Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2010-4532 | 2 Debian, Offlineimap | 2 Debian Linux, Offlineimap | 2020-08-18 | 4.3 MEDIUM | 5.9 MEDIUM |
| offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks. | |||||
| CVE-2014-5255 | 2 Debian, Xcfa Project | 2 Debian Linux, Xcfa | 2020-08-18 | 4.4 MEDIUM | 7.0 HIGH |
| xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files. Note: A different vulnerability than CVE-2014-5254. | |||||
| CVE-2010-4533 | 2 Debian, Offlineimap | 2 Debian Linux, Offlineimap | 2020-08-18 | 7.5 HIGH | 9.8 CRITICAL |
| offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies. | |||||
| CVE-2010-4654 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2020-08-18 | 9.3 HIGH | 7.8 HIGH |
| poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. | |||||
| CVE-2014-5439 | 2 Debian, Sniffit Project | 2 Debian Linux, Sniffit | 2020-08-18 | 9.3 HIGH | 7.8 HIGH |
| Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute arbitrary code. | |||||
| CVE-2011-1070 | 2 Debian, V86d Project | 2 Debian Linux, V86d | 2020-08-18 | 7.2 HIGH | 7.8 HIGH |
| v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences. | |||||
| CVE-2014-6310 | 2 Call-cc, Debian | 2 Chicken, Debian Linux | 2020-08-18 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function. | |||||
| CVE-2020-5311 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2020-08-18 | 7.5 HIGH | 9.8 CRITICAL |
| libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. | |||||
| CVE-2020-5312 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2020-08-18 | 7.5 HIGH | 9.8 CRITICAL |
| libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. | |||||
| CVE-2014-6311 | 2 Debian, Vanderbilt | 2 Debian Linux, Adaptive Communication Environment | 2020-08-18 | 5.0 MEDIUM | 9.8 CRITICAL |
| generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges. | |||||
| CVE-2017-14604 | 2 Debian, Gnome | 2 Debian Linux, Nautilus | 2020-08-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field. | |||||
| CVE-2020-11025 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2020-08-18 | 3.5 LOW | 5.4 MEDIUM |
| In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated user. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). | |||||
| CVE-2020-11030 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2020-08-18 | 3.5 LOW | 5.4 MEDIUM |
| In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). | |||||
| CVE-2020-9481 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2020-08-18 | 5.0 MEDIUM | 7.5 HIGH |
| Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack. | |||||