Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-07-25 | CVE-2019-1010174 | CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed version is: v.2.3.4. | Cimg_library, Debian_linux | 9.8 | ||
| 2019-07-26 | CVE-2019-14275 | Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c. | Debian_linux, Leap, Fig2dev | 5.5 | ||
| 2020-04-30 | CVE-2020-11026 | In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). | Debian_linux, Wordpress | 5.4 | ||
| 2020-04-30 | CVE-2020-11029 | In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). | Debian_linux, Wordpress | 6.1 | ||
| 2022-09-29 | CVE-2016-2338 | An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow. | Debian_linux, Ruby | 9.8 | ||
| 2018-03-21 | CVE-2018-3710 | Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution. | Debian_linux, Gitlab | 7.8 | ||
| 2018-09-12 | CVE-2018-16981 | stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function. | Debian_linux, Stb_image\.h | 8.8 | ||
| 2018-12-30 | CVE-2018-20584 | JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format. | Debian_linux, Jasper, Outside_in_technology | 6.5 | ||
| 2019-07-23 | CVE-2019-11717 | A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | Debian_linux, Firefox, Firefox_esr, Thunderbird, Suse_package_hub_for_suse_linux_enterprise, Leap | 5.3 | ||
| 2019-07-23 | CVE-2019-9811 | As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | Debian_linux, Firefox, Firefox_esr, Thunderbird, Suse_package_hub_for_suse_linux_enterprise, Leap | 8.3 |