Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-08-20 | CVE-2019-10086 | In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean. | Commons_beanutils, Nifi, Debian_linux, Fedora, Leap, Agile_plm, Agile_product_lifecycle_management_integration_pack, Application_testing_suite, Banking_platform, Blockchain_platform, Communications_billing_and_revenue_management, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_cloud_native_core_console, Communications_cloud_native_core_policy, Communications_cloud_native_core_unified_data_repository, Communications_convergence, Communications_design_studio, Communications_evolved_communications_application_server, Communications_metasolv_solution, Communications_network_integrity, Communications_performance_intelligence_center, Communications_pricing_design_center, Communications_unified_inventory_management, Customer_management_and_segmentation_foundation, Enterprise_manager_for_virtualization, Financial_services_revenue_management_and_billing_analytics, Flexcube_private_banking, Fusion_middleware, Healthcare_foundation, Hospitality_opera_5, Hospitality_reporting_and_analytics, Insurance_data_gateway, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Peoplesoft_enterprise_peopletools, Peoplesoft_enterprise_pt_peopletools, Primavera_gateway, Real\-Time_decisions_solutions, Retail_advanced_inventory_planning, Retail_back_office, Retail_central_office, Retail_invoice_matching, Retail_merchandising_system, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_price_management, Retail_returns_management, Retail_xstore_point_of_service, Service_bus, Solaris_cluster, Time_and_labor, Utilities_framework, Weblogic_server, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Jboss_enterprise_application_platform | 7.3 | ||
| 2019-08-21 | CVE-2019-15292 | An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c. | Ubuntu_linux, Debian_linux, Linux_kernel | 4.7 | ||
| 2019-08-23 | CVE-2019-15505 | drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). | Ubuntu_linux, Debian_linux, Linux_kernel | 9.8 | ||
| 2019-08-23 | CVE-2019-15531 | GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c. | Debian_linux, Fedora, Libextractor | 6.5 | ||
| 2019-08-25 | CVE-2019-15538 | An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS. | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Aff_a700s_firmware, Data_availability_services, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H610s_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire, Leap | 7.5 | ||
| 2019-08-27 | CVE-2019-15666 | An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation. | Debian_linux, Linux_kernel, Leap | 4.4 | ||
| 2019-08-29 | CVE-2019-11500 | In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution. | Debian_linux, Dovecot, Pigeonhole, Fedora | 9.8 | ||
| 2019-08-29 | CVE-2019-15807 | In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. | Debian_linux, Linux_kernel, Enterprise_linux | 4.7 | ||
| 2019-09-03 | CVE-2019-10197 | A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share. | Ubuntu_linux, Debian_linux, Samba | 9.1 | ||
| 2019-09-03 | CVE-2019-14811 | A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | Ghostscript, Debian_linux, Fedora, Leap, Openshift_container_platform | 7.8 |