Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-09-06 | CVE-2019-9854 | LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding... | Ubuntu_linux, Debian_linux, Fedora, Libreoffice, Leap, Enterprise_linux | 7.8 | ||
| 2019-09-08 | CVE-2016-10937 | IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate. | Debian_linux, Fedora, Imapfilter, Backports_sle, Leap | 7.5 | ||
| 2019-09-09 | CVE-2019-16159 | BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed. | Debian_linux, Fedora, Bird, Backports_sle | 7.5 | ||
| 2019-09-09 | CVE-2019-16163 | Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. | Ubuntu_linux, Debian_linux, Fedora, Oniguruma | 7.5 | ||
| 2019-09-09 | CVE-2019-16167 | sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. | Ubuntu_linux, Debian_linux, Fedora, Leap, Sysstat | 5.5 | ||
| 2019-09-09 | CVE-2019-16168 | In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." | Ubuntu_linux, Debian_linux, Fedora, Policy_auditor, Active_iq_unified_manager, E\-Series_santricity_os_controller, Oncommand_insight, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Santricity_unified_manager, Steelstore_cloud_integrated_storage, Communications_design_studio, Jdk, Jre, Mysql, Outside_in_technology, Solaris, Zfs_storage_appliance, Sqlite, Nessus_agent | 6.5 | ||
| 2019-09-11 | CVE-2019-16235 | Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala. | Ubuntu_linux, Debian_linux, Dino, Fedora | 7.5 | ||
| 2019-09-11 | CVE-2019-16236 | Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala. | Ubuntu_linux, Debian_linux, Dino, Fedora | 7.5 | ||
| 2019-09-11 | CVE-2019-16237 | Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala. | Ubuntu_linux, Debian_linux, Dino, Fedora | 7.5 | ||
| 2019-09-12 | CVE-2019-16275 | hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range. | Ubuntu_linux, Debian_linux, Hostapd, Wpa_supplicant | 6.5 |