Product:

Debian_linux

(Debian)
Repositories https://github.com/torvalds/linux
https://github.com/ImageMagick/ImageMagick
https://github.com/WordPress/WordPress
https://github.com/FFmpeg/FFmpeg
https://github.com/rdesktop/rdesktop
https://github.com/krb5/krb5
https://github.com/neomutt/neomutt
https://github.com/FasterXML/jackson-databind
https://github.com/file/file
https://github.com/php/php-src
https://github.com/the-tcpdump-group/tcpdump
https://github.com/redmine/redmine
https://github.com/dbry/WavPack
https://github.com/rubygems/rubygems
https://github.com/uclouvain/openjpeg
https://github.com/bcgit/bc-java
https://github.com/libgd/libgd
https://github.com/kyz/libmspack
https://github.com/mantisbt/mantisbt
https://github.com/gpac/gpac
https://github.com/newsoft/libvncserver
https://github.com/madler/zlib
https://github.com/libgit2/libgit2
https://github.com/mdadams/jasper
https://github.com/FreeRDP/FreeRDP
https://github.com/mruby/mruby
https://github.com/uriparser/uriparser
https://github.com/LibRaw/LibRaw
https://github.com/ceph/ceph
https://github.com/verdammelt/tnef
https://github.com/libevent/libevent
https://github.com/antirez/redis
https://github.com/Yeraze/ytnef
https://github.com/Perl/perl5
https://github.com/ntp-project/ntp
https://github.com/openssl/openssl
https://github.com/LibVNC/libvncserver
https://github.com/ARMmbed/mbedtls
https://github.com/inspircd/inspircd
https://github.com/OTRS/otrs
https://github.com/python-pillow/Pillow
https://github.com/perl5-dbi/DBD-mysql
https://github.com/mm2/Little-CMS
https://github.com/apache/httpd
https://github.com/curl/curl
https://github.com/libjpeg-turbo/libjpeg-turbo
https://github.com/jquery/jquery-ui
https://github.com/openbsd/src
https://github.com/szukw000/openjpeg
https://github.com/mysql/mysql-server
https://github.com/memcached/memcached
https://github.com/openvswitch/ovs
https://github.com/SpiderLabs/ModSecurity
https://github.com/kamailio/kamailio
https://github.com/vadz/libtiff
https://github.com/dovecot/core
https://github.com/znc/znc
https://github.com/horde/horde
https://github.com/mono/mono
https://github.com/codehaus-plexus/plexus-utils
https://github.com/ellson/graphviz
• git://git.openssl.org/openssl.git
https://github.com/dajobe/raptor
https://github.com/DanBloomberg/leptonica
https://github.com/django/django
https://github.com/collectd/collectd
https://github.com/weechat/weechat
https://git.kernel.org/pub/scm/git/git.git
https://github.com/akrennmair/newsbeuter
https://github.com/dom4j/dom4j
https://github.com/sleuthkit/sleuthkit
https://github.com/python/cpython
https://github.com/zhutougg/c3p0
https://github.com/golang/go
https://github.com/haproxy/haproxy
https://github.com/westes/flex
https://github.com/jcupitt/libvips
https://github.com/codehaus-plexus/plexus-archiver
https://github.com/openssh/openssh-portable
https://github.com/jpirko/libndp
https://github.com/inverse-inc/sogo
https://github.com/varnish/Varnish-Cache
https://github.com/varnishcache/varnish-cache
https://github.com/esnet/iperf
https://github.com/paramiko/paramiko
https://github.com/resiprocate/resiprocate
https://github.com/nih-at/libzip
https://github.com/twigphp/Twig
https://github.com/lighttpd/lighttpd1.4
https://github.com/vim/vim
https://github.com/smarty-php/smarty
https://github.com/symfony/symfony
https://github.com/ansible/ansible
https://github.com/mapserver/mapserver
https://github.com/stoth68000/media-tree
https://github.com/ImageMagick/ImageMagick6
https://github.com/antlarr/audiofile
https://github.com/shadow-maint/shadow
https://github.com/lxml/lxml
https://github.com/GStreamer/gst-plugins-ugly
https://github.com/erikd/libsndfile
https://github.com/ruby/openssl
https://github.com/beanshell/beanshell
https://github.com/git/git
https://github.com/cyu/rack-cors
https://github.com/Exim/exim
https://github.com/GNOME/nautilus
https://github.com/phusion/passenger
https://github.com/karelzak/util-linux
https://github.com/apple/cups
https://github.com/shadowsocks/shadowsocks-libev
https://github.com/simplesamlphp/simplesamlphp
https://github.com/GNOME/evince
https://github.com/torproject/tor
https://github.com/derickr/timelib
https://github.com/libarchive/libarchive
https://git.savannah.gnu.org/git/patch.git
https://github.com/puppetlabs/puppet
https://github.com/flori/json
https://github.com/eldy/awstats
https://github.com/simplesamlphp/saml2
https://github.com/anymail/django-anymail
https://github.com/mpv-player/mpv
https://github.com/TeX-Live/texlive-source
https://github.com/vim-syntastic/syntastic
https://github.com/gosa-project/gosa-core
https://github.com/Cisco-Talos/clamav-devel
https://github.com/GNOME/librsvg
https://github.com/viewvc/viewvc
https://github.com/moinwiki/moin-1.9
https://github.com/splitbrain/dokuwiki
https://github.com/heimdal/heimdal
https://github.com/openstack/swauth
https://github.com/bottlepy/bottle
https://github.com/charybdis-ircd/charybdis
https://github.com/mjg59/pupnp-code
https://git.videolan.org/git/vlc.git
https://github.com/atheme/atheme
https://github.com/fragglet/lhasa
https://github.com/neovim/neovim
https://github.com/Quagga/quagga
https://github.com/rohe/pysaml2
https://github.com/PHPMailer/PHPMailer
https://github.com/Automattic/Genericons
https://github.com/jmacd/xdelta-devel
https://github.com/axkibe/lsyncd
https://github.com/quassel/quassel
https://github.com/yarolig/didiwiki
#Vulnerabilities 8821
Date Id Summary Products Score Patch Annotated
2019-09-19 CVE-2019-14821 An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of... Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Aff_a700s_firmware, Data_availability_services, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H610s_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire, Leap, Sd\-Wan_edge, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_real_time, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization_host 8.8
2020-11-28 CVE-2020-27218 In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject... Kafka, Spark, Debian_linux, Jetty, Oncommand_system_manager, Snap_creator_framework, Blockchain_platform, Communications_converged_application_server_\-_service_controller, Communications_offline_mediation_controller, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_session_route_manager, Flexcube_private_banking, Hyperion_infrastructure_technology, Rest_data_services, Retail_eftlink, Siebel_core_\-_automation 4.8
2021-04-15 CVE-2021-20288 An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Debian_linux, Fedora, Ceph, Ceph_storage 7.2
2021-04-26 CVE-2021-29473 Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of... Debian_linux, Exiv2, Fedora 2.5
2021-09-01 CVE-2021-36056 XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. Xmp_toolkit_software_development_kit, Debian_linux 5.5
2021-09-01 CVE-2021-36057 XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-what-where condition vulnerability caused during the application's memory allocation process. This may cause the memory management functions to become mismatched resulting in local application denial of service in the context of the current user. Xmp_toolkit_software_development_kit, Debian_linux N/A
2022-01-19 CVE-2022-21277 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability... Debian_linux, 7\-Mode_transition_tool, Active_iq_unified_manager, Cloud_insights_acquisition_unit, Cloud_secure_agent, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Santricity_storage_plugin, Santricity_unified_manager, Snapmanager, Solidfire, Graalvm, Jdk, Jre, Openjdk 5.3
2022-01-19 CVE-2022-21283 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized... Debian_linux, Fedora, 7\-Mode_transition_tool, Active_iq_unified_manager, Cloud_insights_acquisition_unit, Cloud_secure_agent, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Santricity_storage_plugin, Santricity_unified_manager, Snapmanager, Solidfire, Graalvm, Jdk, Jre, Openjdk 5.3
2022-01-19 CVE-2022-21282 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in... Debian_linux, 7\-Mode_transition_tool, Active_iq_unified_manager, Cloud_insights_acquisition_unit, Cloud_secure_agent, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Santricity_storage_plugin, Santricity_unified_manager, Snapmanager, Solidfire, Graalvm, Jdk, Jre, Openjdk 5.3
2023-02-20 CVE-2023-24998 Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. Commons_fileupload, Debian_linux 7.5