Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-08-09 | CVE-2019-11041 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. | Mac_os_x, Ubuntu_linux, Debian_linux, Leap, Php, Software_collections, Tenable\.sc | 7.1 | ||
2019-08-09 | CVE-2019-11042 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. | Mac_os_x, Ubuntu_linux, Debian_linux, Leap, Php, Software_collections, Tenable\.sc | 7.1 | ||
2019-09-16 | CVE-2018-21015 | AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL. | Debian_linux, Gpac | 6.5 | ||
2019-09-16 | CVE-2018-21016 | audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | Debian_linux, Gpac | 6.5 | ||
2019-10-13 | CVE-2019-17533 | Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed. | Debian_linux, Matio | 8.2 | ||
2019-05-05 | CVE-2019-11766 | dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature. | Debian_linux, Dhcpcd | 9.8 | ||
2019-06-26 | CVE-2018-20847 | An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. | Debian_linux, Openjpeg | 8.8 | ||
2019-09-24 | CVE-2019-16729 | pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups. | Ubuntu_linux, Debian_linux, Pam\-Python | 7.8 | ||
2007-06-19 | CVE-2007-3278 | PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1. | Debian_linux, Postgresql | N/A | ||
2017-03-07 | CVE-2017-2636 | Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. | Debian_linux, Linux_kernel | 7.0 |