Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-05-26 | CVE-2022-21831 | A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. | Debian_linux, Active_storage | 9.8 | ||
2022-05-26 | CVE-2022-22577 | An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. | Debian_linux, Actionpack | 6.1 | ||
2022-05-26 | CVE-2022-27777 | A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. | Debian_linux, Actionpack | 6.1 | ||
2021-04-06 | CVE-2021-30151 | Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used. | Sidekiq, Debian_linux | 6.1 | ||
2022-01-21 | CVE-2022-23837 | In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users. | Sidekiq, Debian_linux | 7.5 | ||
2020-10-22 | CVE-2020-27560 | ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service. | Debian_linux, Imagemagick, Leap | 3.3 | ||
2020-11-20 | CVE-2020-19667 | Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7. | Debian_linux, Imagemagick | 7.8 | ||
2020-12-03 | CVE-2020-27759 | In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects... | Debian_linux, Imagemagick | 3.3 | ||
2020-12-03 | CVE-2020-27760 | In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68. | Debian_linux, Imagemagick | 5.5 | ||
2020-12-03 | CVE-2020-27761 | WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw... | Debian_linux, Imagemagick | 3.3 |