Vulnerabilities (CVE)

Vendor filter: Debian

Product filter: Debian Linux

3233 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-7635 3 Libsdl, Debian, Opensuse 3 Simple Directmedia Layer, Debian Linux, Leap 2019-07-22 6.8
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
CVE-2019-13574 2 Minimagick Project, Debian 2 Minimagick, Debian Linux 2019-07-22 6.8
In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command.
CVE-2018-8780 3 Ruby-lang, Canonical, Debian 3 Ruby, Ubuntu Linux, Debian Linux 2019-07-21 7.5
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional...
CVE-2018-8779 3 Ruby-lang, Canonical, Debian 3 Ruby, Ubuntu Linux, Debian Linux 2019-07-21 5.0
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.
CVE-2018-8778 4 Ruby-lang, Canonical, Debian and 1 more 4 Ruby, Ubuntu Linux, Debian Linux and 1 more 2019-07-21 5.0
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack...
CVE-2018-8777 4 Ruby-lang, Debian, Canonical and 1 more 4 Ruby, Debian Linux, Ubuntu Linux and 1 more 2019-07-21 5.0
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a...
CVE-2018-6914 4 Ruby-lang, Canonical, Debian and 1 more 4 Ruby, Ubuntu Linux, Debian Linux and 1 more 2019-07-21 5.0
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or...
CVE-2018-16396 4 Ruby-lang, Canonical, Debian and 1 more 4 Ruby, Ubuntu Linux, Debian Linux and 1 more 2019-07-21 6.8
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
CVE-2018-16395 3 Ruby-lang, Canonical, Debian 3 Ruby, Ubuntu Linux, Debian Linux 2019-07-21 7.5
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects...
CVE-2018-18505 4 Mozilla, Canonical, Debian and 1 more 11 Firefox, Firefox Esr, Thunderbird and 8 more 2019-07-20 7.5
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels...
CVE-2019-12384 2 Fasterxml, Debian 2 Jackson-databind, Debian Linux 2019-07-19 4.3
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may...
CVE-2019-10193 4 Redhat, Redislabs, Canonical and 1 more 5 Openstack, Redis, Ubuntu Linux and 2 more 2019-07-19 6.5
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to...
CVE-2019-10192 4 Redhat, Redislabs, Canonical and 1 more 5 Openstack, Redis, Ubuntu Linux and 2 more 2019-07-19 6.5
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick...
CVE-2019-3822 6 Haxx, Canonical, Debian and 3 more 8 Libcurl, Ubuntu Linux, Debian Linux and 5 more 2019-07-19 7.5
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header...
CVE-2017-5130 3 Google, Xmlsoft, Debian 3 Chrome, Libxml2, Debian Linux 2019-07-19 6.8
An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.
CVE-2019-13132 3 Zeromq, Canonical, Debian 3 Libzmq, Ubuntu Linux, Debian Linux 2019-07-18 7.5
In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack...
CVE-2018-1000027 3 Squid-cache, Debian, Canonical 3 Squid, Debian Linux, Ubuntu Linux 2019-07-17 5.0
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the...
CVE-2018-1000024 3 Squid-cache, Debian, Canonical 3 Squid, Debian Linux, Ubuntu Linux 2019-07-17 5.0
The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains an Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy. This...
CVE-2019-12468 2 Mediawiki, Debian 2 Mediawiki, Debian Linux 2019-07-17 7.5
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.
CVE-2016-9572 2 Openjpeg, Debian 2 Openjpeg, Debian Linux 2019-07-17 4.3
A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when...