Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-12-24 | CVE-2018-20433 | c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization. | Debian_linux, C3p0 | 9.8 | ||
2018-12-26 | CVE-2018-20217 | A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request. | Debian_linux, Kerberos | 5.3 | ||
2018-12-28 | CVE-2018-20546 | There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case. | Ubuntu_linux, Debian_linux, Fedora, Libcaca, Leap | 8.1 | ||
2018-12-28 | CVE-2018-20547 | There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data. | Ubuntu_linux, Debian_linux, Fedora, Libcaca, Leap | 8.1 | ||
2018-12-28 | CVE-2018-20549 | There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19. | Ubuntu_linux, Debian_linux, Fedora, Libcaca, Leap | 8.8 | ||
2019-01-02 | CVE-2019-3500 | aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file. | Aria2, Ubuntu_linux, Debian_linux, Fedora | 7.8 | ||
2019-01-02 | CVE-2018-14719 | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. | Debian_linux, Jackson\-Databind, Oncommand_workflow_automation, Snapcenter, Steelstore_cloud_integrated_storage, Banking_platform, Business_process_management_suite, Clusterware, Communications_billing_and_revenue_management, Database_server, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Global_lifecycle_management_opatch, Jdeveloper, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_merchandising_system, Retail_workforce_management_software, Webcenter_portal, Openshift_container_platform | 9.8 | ||
2019-01-02 | CVE-2018-14718 | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. | Debian_linux, Jackson\-Databind, Oncommand_workflow_automation, Snapcenter, Steelstore_cloud_integrated_storage, Banking_platform, Business_process_management_suite, Communications_billing_and_revenue_management, Communications_instant_messaging_server, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Global_lifecycle_management_opatch, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Jdeveloper, Nosql_database, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Retail_merchandising_system, Retail_workforce_management_software, Siebel_engineering_\-_installer_\&_deployment, Siebel_ui_framework, Webcenter_portal, Openshift_container_platform | 9.8 | ||
2019-01-02 | CVE-2018-19360 | FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. | Debian_linux, Jackson\-Databind, Business_process_management_suite, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_workforce_management_software, Webcenter_portal, Automation_manager, Decision_manager, Jboss_bpm_suite, Jboss_brms, Openshift_container_platform | 9.8 | ||
2019-01-02 | CVE-2018-14720 | FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. | Debian_linux, Jackson\-Databind, Banking_platform, Communications_billing_and_revenue_management, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Jdeveloper, Primavera_unifier, Retail_merchandising_system, Webcenter_portal, Jboss_enterprise_application_platform, Openshift_container_platform | 9.8 |