Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
8867 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-14575 | 2 Debian, Tianocore | 2 Debian Linux, Edk2 | 2024-08-05 | 7.8 High |
Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2019-14433 | 4 Canonical, Debian, Openstack and 1 more | 4 Ubuntu Linux, Debian Linux, Nova and 1 more | 2024-08-05 | 6.5 Medium |
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data. | ||||
CVE-2019-14464 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-08-05 | 5.5 Medium |
XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a heap-based buffer overflow. | ||||
CVE-2019-14372 | 2 Debian, Libav | 2 Debian Linux, Libav | 2024-08-05 | 6.5 Medium |
In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c. | ||||
CVE-2019-14513 | 3 Debian, Redhat, Thekelleys | 3 Debian Linux, Enterprise Linux, Dnsmasq | 2024-08-05 | 7.5 High |
Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491. | ||||
CVE-2019-14459 | 3 Debian, Fedoraproject, Nfdump Project | 3 Debian Linux, Fedora, Nfdump | 2024-08-05 | 7.5 High |
nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service). | ||||
CVE-2019-14533 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-08-05 | N/A |
The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | ||||
CVE-2019-14498 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-08-05 | N/A |
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file. | ||||
CVE-2019-14534 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-08-05 | N/A |
In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. | ||||
CVE-2019-14496 | 3 Canonical, Debian, Milkytracker Project | 3 Ubuntu Linux, Debian Linux, Milkytracker | 2024-08-05 | 7.8 High |
LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 has a stack-based buffer overflow. | ||||
CVE-2019-14466 | 2 Debian, Gosa Project | 2 Debian Linux, Gosa | 2024-08-05 | 6.5 Medium |
The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie. | ||||
CVE-2019-14497 | 3 Canonical, Debian, Milkytracker Project | 3 Ubuntu Linux, Debian Linux, Milkytracker | 2024-08-05 | 7.8 High |
ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker 1.02.00 has a heap-based buffer overflow. | ||||
CVE-2019-14462 | 3 Debian, Fedoraproject, Libmodbus | 3 Debian Linux, Fedora, Libmodbus | 2024-08-05 | 9.1 Critical |
An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_COILS case, aka VD-1302. | ||||
CVE-2019-14494 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-08-05 | 7.5 High |
An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. | ||||
CVE-2019-14437 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-08-05 | N/A |
The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file. | ||||
CVE-2019-14442 | 2 Debian, Libav | 2 Debian Linux, Libav | 2024-08-05 | 6.5 Medium |
In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file. | ||||
CVE-2019-14370 | 2 Debian, Exiv2 | 2 Debian Linux, Exiv2 | 2024-08-05 | 6.5 Medium |
In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cpp. It could result in denial of service. | ||||
CVE-2019-14443 | 2 Debian, Libav | 2 Debian Linux, Libav | 2024-08-05 | 6.5 Medium |
An issue was discovered in Libav 12.3. Division by zero in range_decode_culshift in libavcodec/apedec.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. | ||||
CVE-2019-14379 | 7 Apple, Debian, Fasterxml and 4 more | 37 Xcode, Debian Linux, Jackson-databind and 34 more | 2024-08-05 | 9.8 Critical |
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. | ||||
CVE-2019-14369 | 2 Debian, Exiv2 | 2 Debian Linux, Exiv2 | 2024-08-05 | 6.5 Medium |
Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file. |