Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2019-10-15 CVE-2017-1002201 Cross-site Scripting vulnerability in multiple products
In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly.
network
haml debian CWE-79
4.3
4.3
2019-10-14 CVE-2019-17545 Double Free vulnerability in multiple products
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
network
low complexity
osgeo oracle debian fedoraproject opensuse CWE-415
critical
 9.8
9.8
2019-10-14 CVE-2019-17542 Improper Validation of Array Index vulnerability in multiple products
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.
network
low complexity
ffmpeg canonical debian CWE-129
7.5
7.5
2019-10-14 CVE-2019-17540 Out-of-bounds Write vulnerability in multiple products
ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.
network
low complexity
imagemagick debian CWE-787
8.8
8.8
2019-10-14 CVE-2019-17539 NULL Pointer Dereference vulnerability in multiple products
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.
network
low complexity
ffmpeg debian canonical CWE-476
7.5
7.5
2019-10-13 CVE-2019-17533 Use of Uninitialized Resource vulnerability in multiple products
Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed.
network
low complexity
matio-project debian CWE-908
8.2
8.2
2019-10-12 CVE-2019-17531 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10.
network
low complexity
fasterxml debian redhat oracle netapp CWE-502
critical
 9.8
9.8
2019-10-11 CVE-2019-2215 Use After Free vulnerability in multiple products
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel.
local
low complexity
google debian canonical netapp huawei CWE-416
7.8
7.8
2019-10-10 CVE-2019-17455 Out-of-bounds Read vulnerability in multiple products
Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.
network
low complexity
nongnu debian canonical fedoraproject opensuse CWE-125
critical
 9.8
9.8
2019-10-09 CVE-2019-17402 Classic Buffer Overflow vulnerability in multiple products
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.
network
low complexity
exiv2 debian canonical CWE-120
6.5
6.5