Vulnerabilities for 'Debian linux'

2019-09-06
 
CVE-2019-15846

CWE-119
 

 
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.

 
2019-09-03
 
CVE-2019-15892

CWE-20
 

 
An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack.

 
 
CVE-2019-10197

CWE-22
 

 
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.

 
 
CVE-2015-9383

CWE-125
 

 
FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c.

 
 
CVE-2015-9382

CWE-125
 

 
FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.

 
 
CVE-2015-9381

CWE-125
 

 
FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.

 
2019-08-29
 
CVE-2019-14970

CWE-119
 

 
A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.

 
 
CVE-2019-14778

CWE-416
 

 
The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.

 
 
CVE-2019-14777

CWE-416
 

 
The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.

 
 
CVE-2019-14776

CWE-125
 

 
A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.

 


Copyright 2019, cxsecurity.com

 
