RSS   Vulnerabilities for 'Debian linux'   RSS

2019-05-16
 
CVE-2019-3839

CWE-264
 

 
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.28 are vulnerable.

 
2019-05-05
 
CVE-2019-11766

CWE-125
 

 
dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature.

 
2019-04-30
 
CVE-2019-11627

CWE-77
 

 
gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID.

 
2019-04-24
 
CVE-2019-9928

CWE-119
 

 
GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.

 
2019-04-22
 
CVE-2019-3902

CWE-59
 

 
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.

 
 
CVE-2019-11455

CWE-119
 

 
A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).

 
 
CVE-2019-11454

CWE-79
 

 
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation.

 
2019-04-19
 
CVE-2019-11358

CWE-79
 

 
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

 
2019-04-18
 
CVE-2016-10746

CWE-254
 

 
libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.

 
2019-04-15
 
CVE-2019-11222

CWE-119
 

 
gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafted_drm_file.xml file.

 


Copyright 2019, cxsecurity.com

 

Back to Top