Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
8867 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-19956 | 8 Canonical, Debian, Fedoraproject and 5 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2024-08-05 | 7.5 High |
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. | ||||
CVE-2019-19920 | 3 Canonical, Debian, Sa-exim Project | 3 Ubuntu Linux, Debian Linux, Sa-exim | 2024-08-05 | 8.8 High |
sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805. | ||||
CVE-2019-19949 | 5 Canonical, Debian, Imagemagick and 2 more | 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more | 2024-08-05 | 9.1 Critical |
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. | ||||
CVE-2019-19953 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Backports and 1 more | 2024-08-05 | 9.1 Critical |
In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. | ||||
CVE-2019-19951 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Backports and 1 more | 2024-08-05 | 9.8 Critical |
In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. | ||||
CVE-2019-19926 | 8 Debian, Netapp, Opensuse and 5 more | 13 Debian Linux, Cloud Backup, Backports Sle and 10 more | 2024-08-05 | 7.5 High |
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. | ||||
CVE-2019-19925 | 8 Debian, Netapp, Opensuse and 5 more | 14 Debian Linux, Cloud Backup, Backports Sle and 11 more | 2024-08-05 | 7.5 High |
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. | ||||
CVE-2019-19923 | 8 Debian, Netapp, Opensuse and 5 more | 14 Debian Linux, Cloud Backup, Backports Sle and 11 more | 2024-08-05 | 7.5 High |
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). | ||||
CVE-2019-19921 | 5 Canonical, Debian, Linuxfoundation and 2 more | 8 Ubuntu Linux, Debian Linux, Runc and 5 more | 2024-08-05 | 7.0 High |
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.) | ||||
CVE-2019-19880 | 8 Debian, Netapp, Opensuse and 5 more | 13 Debian Linux, Cloud Backup, Backports Sle and 10 more | 2024-08-05 | 7.5 High |
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. | ||||
CVE-2019-19906 | 8 Apache, Apple, Canonical and 5 more | 20 Bookkeeper, Ipados, Iphone Os and 17 more | 2024-08-05 | 7.5 High |
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. | ||||
CVE-2019-19813 | 4 Canonical, Debian, Linux and 1 more | 18 Ubuntu Linux, Debian Linux, Linux Kernel and 15 more | 2024-08-05 | 5.5 Medium |
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. | ||||
CVE-2019-19830 | 3 Canonical, Debian, Spip | 3 Ubuntu Linux, Debian Linux, Spip | 2024-08-05 | 6.5 Medium |
_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database. | ||||
CVE-2019-19797 | 3 Debian, Fedoraproject, Xfig Project | 3 Debian Linux, Fedora, Fig2dev | 2024-08-05 | 5.5 Medium |
read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. | ||||
CVE-2019-19816 | 4 Canonical, Debian, Linux and 1 more | 18 Ubuntu Linux, Debian Linux, Linux Kernel and 15 more | 2024-08-05 | 7.8 High |
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled. | ||||
CVE-2019-19783 | 5 Canonical, Cyrus, Debian and 2 more | 5 Ubuntu Linux, Imap, Debian Linux and 2 more | 2024-08-05 | 6.5 Medium |
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c. | ||||
CVE-2019-19728 | 3 Debian, Opensuse, Schedmd | 3 Debian Linux, Leap, Slurm | 2024-08-05 | 7.5 High |
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges. | ||||
CVE-2019-19725 | 3 Canonical, Debian, Sysstat Project | 3 Ubuntu Linux, Debian Linux, Sysstat | 2024-08-05 | 9.8 Critical |
sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. | ||||
CVE-2019-19709 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-08-05 | 6.1 Medium |
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page. | ||||
CVE-2019-19630 | 3 Debian, Fedoraproject, Htmldoc Project | 3 Debian Linux, Fedora, Htmldoc | 2024-08-05 | 7.8 High |
HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a crafted HTML document. |