Note:
This project will be discontinued after December 13, 2021.
Product: Debian_linux (Debian)

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-07-31 | CVE-2019-14459 | nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service). | Debian_linux, Fedora, Nfdump | 7.5 | ||
2019-07-31 | CVE-2019-14462 | An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_COILS case, aka VD-1302. | Debian_linux, Fedora, Libmodbus | 9.1 | ||
2019-07-31 | CVE-2019-14463 | An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_REGISTERS case, aka VD-1301. | Debian_linux, Fedora, Libmodbus | 9.1 | ||
2019-07-31 | CVE-2019-14464 | XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a heap-based buffer overflow. | Ubuntu_linux, Debian_linux, Fedora, Milkytracker | 5.5 | ||
2019-08-01 | CVE-2019-14494 | An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. | Ubuntu_linux, Debian_linux, Fedora, Poppler, Enterprise_linux | 7.5 | ||
2019-08-07 | CVE-2019-14744 | In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file. | Ubuntu_linux, Debian_linux, Fedora, Kconfig, Backports_sle, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 7.8 | ||
2019-08-09 | CVE-2019-14234 | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the... | Debian_linux, Django, Fedora | 9.8 | ||
2019-08-11 | CVE-2019-14934 | An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write. | Debian_linux, Fedora, Pdfresurrect | 7.8 | ||
2019-08-13 | CVE-2017-18509 | An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the... | Ubuntu_linux, Debian_linux, Linux_kernel | 7.8 | ||
2019-08-13 | CVE-2019-9513 | Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. | Traffic_server, Swiftnio, Ubuntu_linux, Debian_linux, Nginx, Fedora, Web_gateway, Node\.js, Leap, Enterprise_communications_broker, Graalvm, Enterprise_linux, Jboss_core_services, Jboss_enterprise_application_platform, Openshift_service_mesh, Quay, Software_collections, Diskstation_manager, Skynas, Vs960hd_firmware | 7.5 |