Filtered by vendor Debian
Subscribe
Total
9278 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19797 | 3 Debian, Fedoraproject, Xfig Project | 3 Debian Linux, Fedora, Fig2dev | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. | |||||
| CVE-2019-19783 | 4 Canonical, Cyrus, Debian and 1 more | 4 Ubuntu Linux, Imap, Debian Linux and 1 more | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c. | |||||
| CVE-2019-19728 | 3 Debian, Opensuse, Schedmd | 3 Debian Linux, Leap, Slurm | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
| SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges. | |||||
| CVE-2019-19725 | 3 Canonical, Debian, Sysstat Project | 3 Ubuntu Linux, Debian Linux, Sysstat | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. | |||||
| CVE-2019-19709 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page. | |||||
| CVE-2019-19630 | 3 Debian, Fedoraproject, Htmldoc Project | 3 Debian Linux, Fedora, Htmldoc | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a crafted HTML document. | |||||
| CVE-2019-19617 | 2 Debian, Phpmyadmin | 2 Debian Linux, Phpmyadmin | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php. | |||||
| CVE-2019-19604 | 4 Debian, Fedoraproject, Git-scm and 1 more | 4 Debian Linux, Fedora, Git and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. | |||||
| CVE-2019-19583 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability. | |||||
| CVE-2019-19553 | 4 Debian, Opensuse, Oracle and 1 more | 5 Debian Linux, Leap, Solaris and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection. | |||||
| CVE-2019-19536 | 3 Debian, Linux, Opensuse | 3 Debian Linux, Linux Kernel, Leap | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0. | |||||
| CVE-2019-19535 | 4 Debian, Linux, Opensuse and 1 more | 4 Debian Linux, Linux Kernel, Leap and 1 more | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042. | |||||
| CVE-2019-19534 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. | |||||
| CVE-2019-19531 | 3 Debian, Linux, Opensuse | 3 Debian Linux, Linux Kernel, Leap | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca. | |||||
| CVE-2019-19530 | 3 Debian, Linux, Opensuse | 3 Debian Linux, Linux Kernel, Leap | 2024-11-21 | 4.9 MEDIUM | 4.6 MEDIUM |
| In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. | |||||
| CVE-2019-19527 | 3 Debian, Linux, Opensuse | 3 Debian Linux, Linux Kernel, Leap | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. | |||||
| CVE-2019-19525 | 3 Debian, Linux, Opensuse | 3 Debian Linux, Linux Kernel, Leap | 2024-11-21 | 4.9 MEDIUM | 4.6 MEDIUM |
| In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035. | |||||
| CVE-2019-19524 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 4.9 MEDIUM | 4.6 MEDIUM |
| In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. | |||||
| CVE-2019-19523 | 3 Debian, Linux, Opensuse | 3 Debian Linux, Linux Kernel, Leap | 2024-11-21 | 4.9 MEDIUM | 4.6 MEDIUM |
| In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. | |||||
| CVE-2019-19479 | 3 Debian, Fedoraproject, Opensc Project | 3 Debian Linux, Fedora, Opensc | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute. | |||||