Debian Security Vulnerabilities (CVEs)

CVE-2019-14462 is an out-of-bounds read vulnerability in libmodbus that allows attackers to read sensitive memory contents when processing MODBUS_FC_W...

CVE-2019-14379 is a remote code execution vulnerability in FasterXML jackson-databind that occurs when default typing is enabled and ehcache is used. ...

CVE-2019-13917 is a critical remote code execution vulnerability in Exim mail servers that allows attackers to execute arbitrary commands as root in c...

CVE-2019-1010174 is a command injection vulnerability in CImg Library that allows remote code execution. Attackers can execute arbitrary commands by p...

A heap buffer overflow vulnerability in Pango's text layout engine allows remote code execution when applications process specially crafted UTF-8 stri...

CVE-2019-13962 is a heap-based buffer over-read vulnerability in VLC media player's video decoding component. Attackers can exploit this by tricking u...

This vulnerability in LibreOffice allows malicious documents to execute arbitrary Python commands silently without user warning. Attackers can embed s...

This CVE describes a SQL injection vulnerability in SchedMD Slurm workload manager. Attackers can execute arbitrary SQL commands on Slurm databases, p...

A remote buffer overflow vulnerability in ZeroMQ's libzmq library allows unauthenticated attackers to execute arbitrary code on servers using CURVE en...

This vulnerability allows attackers to bypass re-authentication when changing email addresses in MediaWiki, potentially leading to account takeover. I...

CVE-2019-7165 is a critical buffer overflow vulnerability in DOSBox 0.74-2 that allows attackers to execute arbitrary code on affected systems. This a...

CVE-2019-12594 is an incorrect access control vulnerability in DOSBox 0.74-2 that allows local users to escalate privileges or execute arbitrary code....

This vulnerability in PHP's iconv_mime_decode_headers() function allows attackers to trigger an integer overflow leading to out-of-bounds memory reads...

This CVE describes a heap-based buffer overflow vulnerability in the Linux kernel's mwifiex wireless driver. Attackers could exploit this to corrupt m...

This CVE is a security regression of CVE-2019-9636 in Python's URL parsing that allows attackers to craft malicious URLs to trick applications into se...

CVE-2019-10149 is a critical remote command execution vulnerability in Exim mail transfer agent versions 4.87 through 4.91. Attackers can exploit impr...

This vulnerability in GNOME GLib's file copy function allows attackers to create files with insecure default permissions (typically world-readable/wri...

CVE-2019-12046 is an incorrect access control vulnerability in LemonLDAP::NG 2.0.3 that allows attackers to bypass authentication and authorization me...

This vulnerability in PharStreamWrapper allows attackers to bypass directory traversal protections in TYPO3's phar:// stream wrapper. By using special...

This vulnerability is a buffer over-read in dhcpcd's DHCPv6 Prefix Delegation Exclude feature that could allow attackers to read sensitive memory cont...

This vulnerability in PHP's EXIF extension allows attackers to cause a buffer over-read when processing certain image files. This can lead to informat...

CVE-2019-11627 is a shell injection vulnerability in gpg-key2ps utility of signing-party package. Attackers can execute arbitrary commands by crafting...

This vulnerability in PHP's EXIF extension allows attackers to cause buffer over-reads when processing certain image files. This can lead to informati...

This vulnerability in libxslt allows attackers to bypass URL access controls by crafting malicious URLs that cause xsltCheckRead to return -1 error co...

This CVE allows remote attackers to guess the automatically generated development mode secret token in vulnerable Rails versions, which can be combine...

This vulnerability in Python 2.x's urllib library allows attackers to bypass file URI blacklists using the 'local_file:' scheme, enabling unauthorized...

PuTTY versions before 0.71 have a cryptographic vulnerability where random numbers used for SSH session keys could be recycled, potentially allowing a...

This vulnerability in libssh2 allows a compromised SSH server to trigger an out-of-bounds read in client software, potentially causing denial of servi...

CVE-2018-20177 is a critical integer overflow vulnerability in rdesktop RDP client that leads to heap-based buffer overflow and remote code execution....

CVE-2018-20181 is a critical integer underflow vulnerability in rdesktop RDP client that leads to heap-based buffer overflow and remote code execution...

This vulnerability in PHP's EXIF component allows attackers to read uninitialized memory from TIFF image files, potentially leading to information dis...

This vulnerability in Python's urllib.parse module allows attackers to craft URLs that appear to belong to one domain but are parsed as another due to...

CVE-2019-9631 is a heap-based buffer over-read vulnerability in Poppler's PDF rendering library. Attackers can exploit this by crafting malicious PDF ...

CVE-2018-12405 is a critical memory corruption vulnerability in Mozilla Firefox, Firefox ESR, and Thunderbird that could allow remote attackers to exe...

A buffer overflow vulnerability in the Skia graphics library allows attackers to cause memory corruption through specially crafted 2D canvas operation...

This vulnerability is an integer overflow in image buffer size calculations in Mozilla products, which can lead to out-of-bounds writes. Attackers cou...

This is a critical memory corruption vulnerability in Mozilla Firefox, Firefox ESR, and Thunderbird that could allow attackers to execute arbitrary co...

This vulnerability allows attackers to trigger a potentially exploitable crash in Firefox, Firefox ESR, and Thunderbird by manipulating user events in...

CVE-2019-9215 is a critical memory corruption vulnerability in Live555 media streaming server where malformed authorization headers cause invalid memo...

This vulnerability in PHP's xmlrpc_decode() function allows attackers to trigger invalid memory access (heap out-of-bounds read or read-after-free) by...

This CVE describes heap-based buffer over-read vulnerabilities in PHP's mbstring regular expression functions when processing invalid multibyte data. ...

CVE-2019-7164 is a SQL injection vulnerability in SQLAlchemy that allows attackers to inject malicious SQL code via the order_by parameter. This affec...

This vulnerability in Google Chrome allowed attackers to escape the browser's security sandbox via specially crafted HTML pages. It affected Chrome on...

This vulnerability allows local code injection in Debian's python-rdflib-tools package. Attackers can execute arbitrary Python code by placing malicio...

This CVE describes memory safety bugs in Mozilla Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could...

CVE-2018-8793 is a critical heap-based buffer overflow vulnerability in rdesktop RDP client that allows remote attackers to execute arbitrary code on ...

CVE-2018-8795 is a critical integer overflow vulnerability in rdesktop RDP client that leads to heap-based buffer overflow and remote code execution. ...