Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20189 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-12-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization. | |||||
| CVE-2011-0703 | 2 Debian, Gksu-polkit Project | 2 Debian Linux, Gksu-polkit | 2019-12-03 | 7.5 HIGH | 9.8 CRITICAL |
| In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session. | |||||
| CVE-2018-16151 | 3 Canonical, Debian, Strongswan | 3 Ubuntu Linux, Debian Linux, Strongswan | 2019-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. | |||||
| CVE-2018-16152 | 3 Canonical, Debian, Strongswan | 3 Ubuntu Linux, Debian Linux, Strongswan | 2019-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568. | |||||
| CVE-2018-17540 | 3 Canonical, Debian, Strongswan | 3 Ubuntu Linux, Debian Linux, Strongswan | 2019-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate. | |||||
| CVE-2011-2910 | 2 Debian, Linux-ax25 | 2 Debian Linux, Ax25-tools | 2019-11-26 | 7.2 HIGH | 6.7 MEDIUM |
| The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation. | |||||
| CVE-2019-18890 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2019-11-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query. | |||||
| CVE-2015-2927 | 3 Debian, Nodejs, Uronode | 3 Debian Linux, Node.js, Uro Node | 2019-11-25 | 6.8 MEDIUM | 6.5 MEDIUM |
| node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption). | |||||
| CVE-2010-4817 | 2 Debian, Pithos Project | 2 Debian Linux, Pithos | 2019-11-25 | 3.6 LOW | 5.5 MEDIUM |
| pithos before 0.3.5 allows overwrite of arbitrary files via symlinks. | |||||
| CVE-2013-4584 | 2 Debian, Horms | 2 Debian Linux, Perdition | 2019-11-22 | 4.3 MEDIUM | 5.9 MEDIUM |
| Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections | |||||
| CVE-2012-1155 | 4 Debian, Fedoraproject, Moodle and 1 more | 4 Debian Linux, Fedora, Moodle and 1 more | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to | |||||
| CVE-2015-1606 | 2 Debian, Gnupg | 2 Debian Linux, Gnupg | 2019-11-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file. | |||||
| CVE-2012-0843 | 2 Debian, Uzbl | 2 Debian Linux, Uzbl | 2019-11-22 | 2.1 LOW | 5.5 MEDIUM |
| uzbl: Information disclosure via world-readable cookies storage file | |||||
| CVE-2015-3167 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack. | |||||
| CVE-2015-3166 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2019-11-22 | 7.5 HIGH | 9.8 CRITICAL |
| The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error. | |||||
| CVE-2011-0529 | 2 Debian, Weborf Project | 2 Debian Linux, Weborf | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP. | |||||
| CVE-2018-8048 | 2 Debian, Loofah Project | 2 Debian Linux, Loofah | 2019-11-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment. | |||||
| CVE-2016-1000236 | 2 Cookie-signature Project, Debian | 2 Cookie-signature, Debian Linux | 2019-11-21 | 3.5 LOW | 4.4 MEDIUM |
| Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used. | |||||
| CVE-2013-1816 | 4 Debian, Fedoraproject, Mediawiki and 1 more | 4 Debian Linux, Fedora, Mediawiki and 1 more | 2019-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. | |||||
| CVE-2013-1817 | 4 Debian, Fedoraproject, Mediawiki and 1 more | 4 Debian Linux, Fedora, Mediawiki and 1 more | 2019-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. | |||||