Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2004-09-28 | CVE-2004-0458 | mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference. | Debian_linux, Mah\-Jong | 7.5 | ||
| 2022-12-06 | CVE-2022-24439 | All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. | Debian_linux, Fedora, Gitpython | 9.8 | ||
| 2023-07-17 | CVE-2023-38403 | iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. | Macos, Debian_linux, Iperf3, Fedora, Clustered_data_ontap, Ontap_select_deploy_administration_utility | 7.5 | ||
| 2018-05-24 | CVE-2018-8013 | In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization. | Batik, Ubuntu_linux, Debian_linux, Business_intelligence, Communications_diameter_signaling_router, Communications_metasolv_solution, Communications_webrtc_session_controller, Data_integrator, Enterprise_repository, Financial_services_analytical_applications_infrastructure, Fusion_middleware_mapviewer, Instantis_enterprisetrack, Insurance_calculation_engine, Insurance_policy_administration_j2ee, Jd_edwards_enterpriseone_tools, Retail_back_office, Retail_central_office, Retail_integration_bus, Retail_order_broker, Retail_point\-Of\-Service, Retail_returns_management | 9.8 | ||
| 2022-09-22 | CVE-2022-38398 | Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. | Batik, Debian_linux | 5.3 | ||
| 2022-09-22 | CVE-2022-38648 | Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. | Batik, Debian_linux | 5.3 | ||
| 2022-09-22 | CVE-2022-40146 | Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. | Batik, Debian_linux | 7.5 | ||
| 2022-10-25 | CVE-2022-41704 | A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16. | Batik, Debian_linux | 7.5 | ||
| 2022-10-25 | CVE-2022-42890 | A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. | Batik, Debian_linux | 7.5 | ||
| 2023-08-22 | CVE-2022-44729 | Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later. | Xml_graphics_batik, Debian_linux | 7.1 |