180 matches found
DEBIAN-CVE-2021-43519
Stack overflow in luaresume of ldo.c in Lua Interpreter 5.1.05.4.4 allows attackers to perform a Denial of Service via a crafted script file...
DEBIAN-CVE-2021-0089
Observable response discrepancy in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access...
DEBIAN-CVE-2018-25013
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes...
DEBIAN-CVE-2021-21209
Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
DEBIAN-CVE-2020-36307
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links...
DEBIAN-CVE-2020-10001
An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory...
DEBIAN-CVE-2021-29264
An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are...
DEBIAN-CVE-2020-8265
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method...
DEBIAN-CVE-2020-35919
An issue was discovered in the net2 crate before 0.2.36 for Rust. It has false expectations about the std::net::SocketAddr memory representation...
DEBIAN-CVE-2020-28038
WordPress before 5.5.2 allows stored XSS via post slugs...
DEBIAN-CVE-2020-26682
In libass 0.14.0, the assoutlineconstruct's call to outlinestroke causes a signed integer overflow...
DEBIAN-CVE-2020-26571
The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in scpkcs15emugemsafeGPKinit...
DEBIAN-CVE-2020-25741
fdctrlwritedata in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive...
DEBIAN-CVE-2020-25601
An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchnreset / evtchndestroy. In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these when resetting all event channels or when cleaning...
DEBIAN-CVE-2020-15709
Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1esm1, printed a PPA personal package archive description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways...
DEBIAN-CVE-2020-15694
In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get.contentLength does not raise any error if a malicious server provides a negative Content-Length...
DEBIAN-CVE-2020-15569
PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destructor...
DEBIAN-CVE-2020-11538
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311...
DEBIAN-CVE-2020-15007
A buffer overflow in the MLoadDefaults function in mmisc.c in id Tech 1 aka Doom engine allows arbitrary code execution via an unsafe usage of fscanf, because it does not limit the number of characters to be read in a format argument...
DEBIAN-CVE-2020-8162
A client side enforcement of server side security vulnerability exists in rails 5.2.4.2 and rails 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits...