Package: sqlite3
Version: 3.7.13-1+deb7u3
CVE ID : CVE-2016-6153
It was discovered that sqlite3, a C library that implements a SQL
database engine, would reject a temporary directory (e.g., as specified
by the TMPDIR environment variable) to which the executing user did no
Package: icu
Version: 4.8.1.1-12+deb7u4
CVE ID : CVE-2015-2632 CVE-2015-4844 CVE-2016-0494
Several security issues have been identified and corrected in ICU, the
International Components for Unicode C and C++ library, in Debian Wheezy.
CVE-2015-2632
Buffer overflow v
Package: icu
Version: 4.8.1.1-12+deb7u5
CVE ID : CVE-2016-6293
This update fixes a buffer overflow in the uloc_acceptLanguageFromHTTP
function in ICU, the International Components for Unicode C and C++
library, in Debian Wheezy
For Debian 7 "Wheezy", these problems have b
Package: mysql-5.5
Version: 5.5.52-0+deb7u1
CVE ID : CVE-2016-6662
Dawid Golunski discovered that the mysqld_safe wrapper provided by the
MySQL database server insufficiently restricted the load path for custom
malloc implementations, which could result in privilege escalat
Package: ghostscript
Version: 9.05~dfsg-6.3+deb7u3
CVE ID : CVE-2013-5653 CVE-2016-7976 CVE-2016-7977 CVE-2016-7978
CVE-2016-7979 CVE-2016-8602
Debian Bug : 839118 839260 839841 839845 839846 840451
Several vulnerabilities were discovered in Ghostscrip
Package: ghostscript
Version: 9.05~dfsg-6.3+deb7u4
Debian Bug : 840691
The update for ghostscript issued as DLA-674-1 caused regressions for
certain Postscript document viewers (evince, zathura). Updated packages
are now available to address this problem. For reference, the or
Package: imagemagick
Version: 8:6.7.7.10-5+deb7u8
CVE ID : CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808
CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812
CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816
Package: imagemagick
Version: 8:6.7.7.10-5+deb7u9
Debian Bug : 847058
The update for imagemagick issued as DLA-731-1 caused regressions when
decoding properties of certain images. Updated packages are now
available to address this problem. For reference, the original advisory
Package: icu
Version: 4.8.1.1-12+deb7u6
CVE ID : CVE-2014-9911 CVE-2016-7415
Debian Bug : 838694
Brief introduction
CVE-2014-9911
Michele Spagnuolo discovered a buffer overflow vulnerability which
might allow remote attackers to cause a denial of service or
Package: php5
Version: 5.4.45-0+deb7u7
CVE ID : CVE-2016-2554 CVE-2016-3141 CVE-2016-3142 CVE-2016-4342
CVE-2016-9934 CVE-2016-9935 CVE-2016-10158 CVE-2016-10159
CVE-2016-10160 CVE-2016-10161
PHP-Bugs : 71323 70979 71039 71459 71391
Package: imagemagick
Version: 8:6.7.7.10-5+deb7u12
CVE ID : CVE-2016-10062 CVE-2017-6498 CVE-2017-6500
Debian Bug : 849439 856878 856879
Several issues have been discovered in ImageMagick, a popular set of
programs and libraries for image manipulation. These issues in
Package: samba
Version: 2:3.6.6-6+deb7u12
CVE ID : CVE-2017-2619
Jann Horn of Google discovered a time-of-check, time-of-use race
condition in Samba, a SMB/CIFS file, print, and login server for Unix. A
malicious client can take advantage of this flaw by exploiting a symlink
Package: imagemagick
Version: 8:6.7.7.10-5+deb7u15
CVE ID : CVE-2017-9261 CVE-2017-9262 CVE-2017-9405 CVE-2017-9407
CVE-2017-9409 CVE-2017-9439 CVE-2017-9500 CVE-2017-9501
Debian Bug : 863833 863834 864087 864089 864090 864274
This update fixes severa
Package: apache2
Version: 2.2.22-13+deb7u9
CVE ID : CVE-2017-3167 CVE-2017-3169 CVE-2017-7668 CVE-2017-7679
Several vulnerabilities have been found in the Apache HTTPD server.
CVE-2017-3167
Emmanuel Dreyfus reported that the use of ap_get_basic_auth_pw() by
third
Package: tiff3
Version: 3.9.6-11+deb7u7
CVE ID : CVE-2017-9936
Debian Bug : 866113
A vulnerability has been discovered in the libtiff library and the
included tools, which may result in denial of service or the execution
of arbitrary code.
CVE-2017-9936
A crafte
Package: tiff
Version: 4.0.2-6+deb7u15
CVE ID : CVE-2017-9936 CVE-2017-10688
Debian Bug : 866113 866611
Two vulnerabilities have been discovered in the libtiff library and the
included tools, which may result in denial of service or the execution
of arbitrary code.
CV
Package: imagemagick
Version: 6.7.7.10-5+deb7u16
CVE ID : CVE-2017-8352 CVE-2017-9144 CVE-2017-9501 CVE-2017-10928
CVE-2017-10995 CVE-2017-11141 CVE-2017-11170 CVE-2017-11188
CVE-2017-11352 CVE-2017-11360 CVE-2017-11446 CVE-2017-11448
Package: tiff
Version: 4.0.2-6+deb7u16
CVE ID : CVE-2017-11335 CVE-2017-12944 CVE-2017-13726 CVE-2017-13727
Debian Bug : 868513 872607 873880 873879
Several vulnerabilities have been discovered in the Tag Image File
Format (TIFF) library and its associated tools.
CVE-
Package: tiff3
Version: 3.9.6-11+deb7u8
CVE ID : CVE-2017-11335
Debian Bug : 868513
A heap based buffer overflow has been discovered in the tiff2pdf
utility, part of the Tag Image File Format (TIFF) library.
A PlanarConfig=Contig image can cause an out-of-bounds write
Package: imagemagick
Version: 8:6.7.7.10-5+deb7u17
CVE ID : CVE-2017-12691 CVE-2017-12692 CVE-2017-12693 CVE-2017-12875
CVE-2017-13758 CVE-2017-13768 CVE-2017-13769 CVE-2017-14060
CVE-2017-14172 CVE-2017-14173 CVE-2017-14174 CVE-2017-14175
Package: nss
Version: 2:3.26-1+debu7u5
CVE ID : CVE-2017-7805
Martin Thomson discovered that nss, the Mozilla Network Security Service
library, is prone to a use-after-free vulnerability in the TLS 1.2
implementation when handshake hashes are generated. A remote attacker
ca
Package: imagemagick
Version: 8:6.7.7.10-5+deb7u18
CVE ID : CVE-2017-15277 CVE-2017-15281
Debian Bug : 878578 878579
This update fixes two vulnerabilities in ImageMagick:
CVE-2017-15277
An uninitialized data structure could lead to information disclosure
when
Package: tomcat7
Version: 7.0.28-4+deb7u16
CVE ID : CVE-2017-12617
A remote code execution vulnerability has been discovered in tomcat7.
When HTTP PUT was enabled (e.g., via setting the readonly initialization
parameter of the Default servlet to false) it was possible to
Package: tomcat7
Version: 7.0.28-4+deb7u17
Debian Bug : 881162
The update for tomcat7 issued as DLA-1166-1 caused a regression whereby every
request, including for the root document (/), returned HTTP status 404. Updated
packages are now available to address this problem. For
Package: graphicsmagick
Version: 1.3.16-1.1+deb7u14
CVE ID : CVE-2017-16669
A remote denial of service vulnerability has been discovered in
graphicsmagick, a collection of image processing tools and associated
libraries.
A specially crafted file can be used to produce a h
Package: graphicsmagick
Version: 1.3.16-1.1+deb7u15
CVE ID : CVE-2017-13134 CVE-2017-16547
Debian Bug : 881524
Security vulnerabilities have been identified in graphicsmagick, a
collection of image processing utilities and libraries.
CVE-2017-13134
Graphicsmagick
Package: ldns
Version: 1.6.13-1+deb7u2
CVE ID : CVE-2017-1000231
Debian Bug : 882015
A security vulnerability has been discovered in ldns, a library and
collection of utilities for DNS programming.
CVE-2017-1000231
The generic parser contained a double-free vulne
Package: python2.7
Version: 2.7.3-6+deb7u4
CVE ID : CVE-2017-1000158
A minor security vulnerability has been discovered in Python 2.7, an
interactive high-level object-oriented language.
CVE-2017-1000158
CPython (the reference implementation of Python also commonly k
Package: python2.6
Version: 2.6.8-1.1+deb7u1
CVE ID : CVE-2017-1000158
A minor security vulnerability has been discovered in Python 2.7, an
interactive high-level object-oriented language.
CVE-2017-1000158
CPython (the reference implementation of Python also commonly
Package: roundcube
Version: 0.7.2-9+deb7u9
CVE ID : CVE-2017-16651
A file disclosure vulnerability was discovered in roundcube, a skinnable
AJAX based webmail solution for IMAP servers.
CVE-2017-16651
An authenticated attacker can take advantage of this flaw to read
Package: mercurial
Version: 2.2.2-4+deb7u6
CVE ID : CVE-2017-17458
A vulnerability was found in the Mercurial version control system
which could lead to remote arbitrary code execution.
CVE-2017-17458
A specially malformed Mercurial repository could cause Git
sub
Package: asterisk
Version: 1:1.8.13.1~dfsg1-3+deb7u8
CVE ID : CVE-2017-17090
Debian Bug : 883342
A vulnerability has been discovered in Asterisk, an open source PBX and
telephony toolkit, which may result in resource exhaustion and denial of
service.
CVE-2017-17090: me
Package: graphicsmagick
Version: 1.3.16-1.1+deb7u17
CVE ID : CVE-2018-5685
Debian Bug : 887158
A vulnerability has been discovered in GraphicsMagick, a collection of
image processing tools, which may result in a denial of service.
CVE-2018-5685:
An infinite loop a
Package: tiff
Version: 4.0.2-6+deb7u18
CVE ID : CVE-2017-18013
Debian Bug : 885985
A vulnerability has been discovered in the libtiff image processing
library which may result in an application crash and denial of
service.
CVE-2017-18013
NULL pointer dereference
Package: tiff3
Version: 3.9.6-11+deb7u9
CVE ID : CVE-2017-18013
Debian Bug : 885985
A vulnerability has been discovered in the libtiff image processing
library which may result in an application crash and denial of
service.
CVE-2017-18013
NULL pointer dereference
Package: clamav
Version: 0.99.2+dfsg-0+deb7u4
CVE ID : CVE-2017-12374 CVE-2017-12375 CVE-2017-12376
CVE-2017-12377 CVE-2017-12378 CVE-2017-12379
CVE-2017-12380
Debian Bug : 888484 824196
Multiple vulnerabilities have been discovered i
Package: squid3
Version: 3.1.20-2.2+deb7u8
CVE ID : CVE-2018-124 CVE-2018-127
Debian Bug : 888719 888720
Squid, a high-performance proxy caching server for web clients, has been
found vulnerable to denial of service attacks associated with ESI
response processi
Package: squid
Version: 2.7.STABLE9-4.1+deb7u3
CVE ID : CVE-2018-127
Debian Bug : 888720
Squid, a high-performance proxy caching server for web clients, has been
found vulnerable to denial of service attacks associated with ESI
response processing and intermediate
Package: audacity
Version: 2.0.1-1+deb7u1
CVE ID : CVE-2016-2540
Chris Navarrete from Fortinet's FortiGuard Labs discovered that Audacity,
a multi-track audio editor, contains a vulnerability such that a .wav
file with a crafted FORMATCHUNK structure (many channels) can re
Package: graphicsmagick
Version: 1.3.16-1.1+deb7u18
CVE ID : CVE-2018-6799
A denial of service vulnerability has been discovered in graphicsmagick,
a collection of image processing tools and associated libraries.
A specially crafted file can be used to produce a denial o
Package: apache2
Version: 2.2.22-13+deb7u13
CVE ID : CVE-2017-15710 CVE-2018-1301 CVE-2018-1312
Debian Bug :
Several vulnerabilities have been found in the Apache HTTPD server.
CVE-2017-15710
Alex Nichols and Jakob Hirsch reported that mod_authnz_ldap, if
co
Package: imagemagick
Version: 8:6.8.9.9-5+deb8u13
CVE ID : CVE-2018-11251 CVE-2018-12599 CVE-2018-12600
Several security vulnerabilities were discovered in ImageMagick, an
image manipulation program, that allow remote attackers to cause denial
of service (application crash
Package: php5
Version: 5.6.36+dfsg-0+deb8u1
CVE ID : CVE-2018-7584 CVE-2018-10545 CVE-2018-10546 CVE-2018-10547
CVE-2018-10548 CVE-2018-10549
Several vulnerabilities were found in PHP, a widely-used open source
general purpose scripting language:
CVE-2018
Package: exiv2
Version: 0.24-4.1+deb8u1
CVE ID : CVE-2018-10958 CVE-2018-10998 CVE-2018-10999 CVE-2018-11531
CVE-2018-12264 CVE-2018-12265
Debian Bug : 901706 901707
Several vulnerabilities have been discovered in exiv2, a C++ library and
a command li
Package: tomcat8
Version: 8.0.14-1+deb8u12
CVE ID : CVE-2018-1304 CVE-2018-1305
Debian Bug : 802312
Several security vulnerabilities have been discovered in the Tomcat
servlet and JSP engine.
CVE-2018-1304
The URL pattern of "" (the empty string) which exactly map
Package: graphicsmagick
Version: 1.3.20-3+deb8u4
CVE ID : CVE-2016-5239 CVE-2017-6335 CVE-2017-9098 CVE-2017-11102
CVE-2017-11140 CVE-2017-11403 CVE-2017-11637 CVE-2017-11638
CVE-2017-11641 CVE-2017-11642 CVE-2017-12935 CVE-2017-12936
Package: php5
Version: 5.6.37+dfsg-0+deb8u1
CVE ID : CVE-2018-14851 CVE-2018-14883
Debian Bug : 890266
Two vulnerabilities have been discovered in php5, a server-side,
HTML-embedded scripting language. One (CVE-2018-14851) results in a
potential denial of service (out
Package: tomcat8
Version: 8.0.14-1+deb8u13
CVE ID : CVE-2018-1336 CVE-2018-8034
Two security issues have been discovered in the Tomcat servlet and JSP
engine.
CVE-2018-1336
An improper handling of overflow in the UTF-8 decoder with
supplementary characters can lead to
Package: php5
Version: 5.6.38+dfsg-0+deb8u1
CVE ID : CVE-2018-17082
A vulnerability has been discovered in php5, a server-side,
HTML-embedded scripting language. The Apache2 component allows XSS via
the body of a "Transfer-Encoding: chunked" request because of a defect
in
Package: imagemagick
Version: 8:6.8.9.9-5+deb8u14
CVE ID : CVE-2018-16412 CVE-2018-16413 CVE-2018-16642
CVE-2018-16643 CVE-2018-16644 CVE-2018-16645
CVE-2018-16749
Several security vulnerabilities were discovered in ImageMagick, an
image m
Package: exiv2
Version: 0.24-4.1+deb8u2
CVE ID : CVE-2018-10958 CVE-2018-10999 CVE-2018-16336
A vulnerability has been discovered in exiv2 (CVE-2018-16336), a C++
library and a command line utility to manage image metadata, resulting
in remote denial of service (heap-based
Package: mysql-5.5
Version: 5.5.62-0+deb8u1
CVE ID : CVE-2018-2767 CVE-2018-3058 CVE-2018-3063 CVE-2018-3066
CVE-2018-3070 CVE-2018-3081 CVE-2018-3133 CVE-2018-3174
CVE-2018-3282
Several issues have been discovered in the MySQL database
Package: php5
Version: 5.6.39+dfsg-0+deb8u1
CVE ID : CVE-2018-19518 CVE-2018-19935
Vulnerabilities have been discovered in php5, a server-side,
HTML-embedded scripting language. Note that this update includes a
change to the default behavior for IMAP connections. See bel
Package: libapache-mod-jk
Version: 1.2.46-0+deb8u1
CVE ID : CVE-2018-11759
A vulnerability has been discovered in libapache-mod-jk, the Apache 2
connector for the Tomcat Java servlet engine.
The libapache-mod-jk connector is susceptible to information disclosure
and privi
Package: php5
Version: 5.6.40+dfsg-0+deb8u1
Several security bugs have been identified and fixed in php5, a
server-side, HTML-embedded scripting language. The affected components
include GD graphics, multi-byte string handling, phar file format
handling, and xmlrpc.
CVEs have no
Package: uw-imap
Version: 8:2007f~dfsg-4+deb8u1
CVE ID : CVE-2018-19518
Debian Bug : 914632
A vulnerability was discovered in uw-imap, the University of Washington
IMAP Toolkit, that might allow remote attackers to execute arbitrary OS
commands if the IMAP server name
Package: nss
Version: 2:3.26-1+debu8u4
CVE ID : CVE-2018-12404 CVE-2018-18508
Debian Bug : 921614
Vulnerabilities have been discovered in nss, the Mozilla Network
Security Service library.
CVE-2018-12404
Cache side-channel variant of the Bleichenbacher attack
CV
Package: symfony
Version: 2.3.21+dfsg-4+deb8u4
CVE ID : CVE-2017-16652 CVE-2017-16654 CVE-2018-11385 CVE-2018-11408
CVE-2018-14773 CVE-2018-19789 CVE-2018-19790
Several security vulnerabilities have been discovered in symfony, a PHP
web application framew
Package: ghostscript
Version: 9.26a~dfsg-0+deb8u3
CVE ID : CVE-2019-3839
A vulnerability was discovered in Ghostscript, the GPL PostScript/PDF
interpreter, which may result in denial of service or the execution of
arbitrary code if a malformed Postscript file is processed
Package: cups-filters
Version: 1.0.61-5+deb8u4
Debian Bug : 926576 928936 928952
The update for ghostscript released as DLA-1792-1 uncovered an issue in
cups-filters which was using the undocumented Ghostscript internal
"pdfdict" now hidden in the ghostscript update. Updated c
Package: libspring-security-2.0-java
Version: 2.0.7.RELEASE-3+deb8u1
CVE ID : CVE-2019-3795
A vulnerability was discovered in libspring-security-2.0-java, a modular
Java/J2EE application security framework, when using
SecureRandomFactoryBean#setSeed to configure a SecureRa
Package: python-urllib3
Version: 1.9.1-3+deb8u1
CVE ID : CVE-2019-11236
Debian Bug : 927172
A vulnerability was discovered in python-urllib3, an HTTP library with
thread-safe connection pooling, whereby an attacker can inject CRLF
characters in the request parameter.
Package: python2.7
Version: 2.7.9-2+deb8u3
CVE ID : CVE-2018-14647 CVE-2019-5010 CVE-2019-9636 CVE-2019-9740
CVE-2019-9947 CVE-2019-9948 CVE-2019-10160
Debian Bug : 921039 921040 924073
Multiple vulnerabilities were discovered in Python, an interactiv
Package: python3.4
Version: 3.4.2-1+deb8u3
CVE ID : CVE-2018-14647 CVE-2019-9636 CVE-2019-9740 CVE-2019-9947
Debian Bug : 921039 924072
Multiple vulnerabilities were discovered in Python, an interactive
high-level object-oriented language, including
CVE-2018-14647
Package: python3.4
Version: 3.4.2-1+deb8u4
CVE ID : CVE-2019-9740 CVE-2019-9947
Debian Bug : 931044
The update issued as DLA-1835-1 caused a regression in the http.client
library in Python 3.4 which was broken by the patch intended to fix
CVE-2019-9740 and CVE-2019-994
Package: libspring-java
Version: 3.0.6.RELEASE-17+deb8u1
CVE ID : CVE-2014-3578 CVE-2014-3625 CVE-2015-3192 CVE-2015-5211
CVE-2016-9878
Debian Bug : 760733 769698 796137 849167
Vulnerabilities have been identified in libspring-java, a modular
Java/J2E
Package: nss
Version: 2:3.26-1+debu8u5
CVE ID : CVE-2019-11719 CVE-2019-11729
Vulnerabilities have been discovered in nss, the Mozilla Network
Security Service library.
CVE-2019-11719: Out-of-bounds read when importing curve25519 private key
When importing a curve255
Package: squid3
Version: 3.4.8-6+deb8u8
CVE ID : CVE-2019-12525 CVE-2019-12529
Squid, a high-performance proxy caching server for web clients, has been
found vulnerable to denial of service attacks associated with HTTP
authentication header processing.
CVE-2019-12525
Package: jackson-databind
Version: 2.4.2-2+deb8u8
CVE ID : CVE-2019-14379 CVE-2019-14439
Debian Bug : 933393
Deserialization flaws were discovered in jackson-databind relating to
EHCache and logback/jndi, which could allow an unauthenticated user to
perform remote code
Package: dovecot
Version: 1:2.2.13-12~deb8u7
CVE ID : CVE-2019-11500
Nick Roessler and Rafi Rubin discovered that the IMAP and ManageSieve
protocol parsers in the Dovecot email server do not properly validate
input (both pre- and post-login). A remote attacker can take adv
Package: subversion
Version: 1.8.10-6+deb8u7
CVE ID : CVE-2018-11782 CVE-2019-0203
Several vulnerabilities were discovered in Subversion, a version control
system. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2018-11782
Ace
Package: ansible
Version: 1.7.2+dfsg-2+deb8u2
CVE ID : CVE-2015-3908 CVE-2015-6240 CVE-2018-10875 CVE-2019-10156
Debian Bug : 930065
Several vulnerabilities were discovered in Ansible, a configuration
management, deployment, and task execution system.
CVE-2015-3908
Package: python3.4
Version: 3.4.2-1+deb8u7
CVE ID : CVE-2019-16056
A vulnerability was discovered in Python, an interactive high-level
object-oriented language.
CVE-2019-16056
The email module wrongly parses email addresses that contain
multiple @ characters. An
Package: python2.7
Version: 2.7.9-2+deb8u5
CVE ID : CVE-2019-16056
A vulnerability was discovered in Python, an interactive high-level
object-oriented language.
CVE-2019-16056
The email module wrongly parses email addresses that contain
multiple @ characters. An
Package: php-pecl-http
Version: 2.0.4-1+deb8u1
CVE ID : CVE-2016-7398
A vulnerability has been discovered in php-pecl-http, the pecl_http
module for PHP 5 Extended HTTP Support. A type confusion vulnerability
in the merge_param() function allows attackers to crash PHP and
Package: php5
Version: 5.6.40+dfsg-0+deb8u6
Debian Bug : 805222
An update has been made to php5, a server-side, HTML-embedded scripting
language. Specifically, as reported in #805222, the ability to build
extensions in certain older versions of PHP within Debian has been
hind
Package: openconnect
Version: 6.00-2+deb8u1
CVE ID : CVE-2019-16239
Debian Bug : 940871
A vulnerability was discovered by Lukas Kupczyk of the Advanced Research
Team at CrowdStrike Intelligence in OpenConnect, an open client for
Cisco AnyConnect, Pulse, GlobalProtect V
Package: libreoffice
Version: 1:4.3.3-2+deb8u13
CVE ID : CVE-2019-9848 CVE-2019-9849 CVE-2019-9850 CVE-2019-9851
CVE-2019-9852 CVE-2019-9853 CVE-2019-9854
Several vulnerabilities were discovered in LibreOffice, the office
productivity suite.
CVE-2019-984
Package: ampache
Version: 3.6-rzb2752+dfsg-5+deb8u1
CVE ID : CVE-2019-12385 CVE-2019-12386
Several vulnerabilities were discovered in Ampache, a web-based audio
file management system.
CVE-2019-12385
A stored XSS exists in the localplay.php LocalPlay "add instance"
Package: ghostscript
Version: 9.26a~dfsg-0+deb8u6
CVE ID : CVE-2019-14869
Manfred Paul and Lukas Schauer reported that the .charkeys procedure in
Ghostscript, the GPL PostScript/PDF interpreter, does not properly
restrict privileged calls, which could result in bypass of f
Package: symfony
Version: 2.3.21+dfsg-4+deb8u6
CVE ID : CVE-2019-18886 CVE-2019-18887 CVE-2019-1
Multiple vulnerabilities have been found in the Symfony PHP framework
which could lead to a timing attack/information leak, argument injection
and code execution via unseri
Package: nss
Version: 2:3.26-1+debu8u7
CVE ID : CVE-2019-11745
A vulnerability has been discovered in nss, the Mozilla Network Security
Service library. An out-of-bounds write can occur when passing an
output buffer smaller than the block size to NSC_EncryptUpdate.
For D
Package: php-horde
Version: 5.2.1+debian0-2+deb8u5
CVE ID : CVE-2019-12095
A vulnerability has been found in php-horde, the Horde Application
Framework, which may result in information disclosure via cross-site
scripting.
For Debian 8 "Jessie", this problem has been fixed
Package: davical
Version: 1.1.3.1-1+deb8u1
CVE ID : CVE-2019-18345 CVE-2019-18346 CVE-2019-18347
Debian Bug : 946343
Multiple cross-site scripting and cross-site request forgery issues were
discovered in the DAViCal CalDAV Server.
For Debian 8 "Jessie", these problems
Package: opensc
Version: 0.16.0-3+deb8u2
CVE ID : CVE-2019-19479
An issue was discovered in libopensc/card-setcos.c in OpenSC, which has an
incorrect read operation during parsing of a SETCOS file attribute.
For Debian 8 "Jessie", this problem has been fixed in version
0.
Package: git
Version: 1:2.1.4-2.1+deb8u8
CVE ID : CVE-2019-1348 CVE-2019-1349 CVE-2019-1352 CVE-2019-1353
CVE-2019-1387
Several vulnerabilities have been discovered in git, a fast, scalable,
distributed revision control system.
CVE-2019-1348
It was
Package: libgd2
Version: 2.1.0-5+deb8u14
CVE ID : CVE-2018-14553
Debian Bug : 951287
A vulnerability was discovered in libgd2, the GD graphics library,
whereby an attacker can employ a specific function call sequence to
trigger a NULL pointer dereference, subsequently
Package: pure-ftpd
Version: 1.0.36-3.2+deb8u1
CVE ID : CVE-2020-9274
Debian Bug : 925666
An uninitialized pointer vulnerability was discovered in pure-ftpd, a
secure and efficient FTP server, which could result in an out-of-bounds
memory read and potential information
Package: zsh
Version: 5.0.7-5+deb8u1
CVE ID : CVE-2019-20044
Debian Bug : 951458
A privilege escalation vulnerability was discovered in zsh, a shell with
lots of features, whereby a user could regain a formerly elevated
privilege level even when such an action should n
Package: graphicsmagick
Version: 1.3.20-3+deb8u9
CVE ID : CVE-2019-12921
A vulnerability was discovered in graphicsmagick, a collection of image
processing tools, that allows an attacker to read arbitrary files
via a crafted image because of TranslateTextEx for SVG.
Package: php-horde-form
Version: 2.0.8-2+deb8u2
CVE ID : CVE-2020-8866
Debian Bug : 955020
A remote code execution vulnerability was discovered in the Form API
component of the Horde Application Framework. An authenticated remote
attacker could use this flaw to upload
Package: python-bleach
Version: 1.4-1+deb8u1
CVE ID : CVE-2020-6817
Debian Bug : 955388
A vulnerability was discovered in python-bleach, a whitelist-based
HTML-sanitizing library. Calls to bleach.clean with an allowed tag with
an allowed style attribute are vulnerable
Package: graphicsmagick
Version: 1.3.20-3+deb8u10
CVE ID : CVE-2020-10938
A vulnerability was discovered in graphicsmagick, a collection of image
processing tools, that results in a heap overflow in 32-bit applications
because of a signed overflow on range check in the Huf
Package: php-horde-data
Version: 2.1.0-5+deb8u1
CVE ID : CVE-2020-8518
Debian Bug : 951537
A remote code execution vulnerability was discovered in the Horde
Application Framework. An authenticated remote attacker could use this
flaw to cause execution of uploaded CSV
Package: php-horde-trean
Version: 1.1.1-2+deb8u1
CVE ID : CVE-2020-8865
Debian Bug : 955019
A directory traversal vulnerability resulting from insufficient input
sanitization was discovered in the Horde Application Framework. An
authenticated remote attacker could use
Package: git
Version: 1:2.1.4-2.1+deb8u9
CVE ID : CVE-2020-5260
Felix Wilhelm of Google Project Zero discovered a flaw in git, a fast,
scalable, distributed revision control system. With a crafted URL that
contains a newline, the credential helper machinery can be fooled t
Package: git
Version: 1:2.1.4-2.1+deb8u10
CVE ID : CVE-2020-11008
Carlo Arenas discovered a flaw in git, a fast, scalable, distributed
revision control system. With a crafted URL that contains a newline or
empty host, or lacks a scheme, the credential helper machinery can
Package: openjdk-7
Version: 7u261-2.6.22-1~deb8u1
CVE ID : CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781
CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830
Several vulnerabilities have been discovered in the OpenJDK Java
runtime, resulting
Package: openldap
Version: 2.4.40+dfsg-1+deb8u6
CVE ID : CVE-2020-12243
A vulnerability was discovered in OpenLDAP, a free implementation of the
Lightweight Directory Access Protocol. LDAP search filters with nested
boolean expressions can result in denial of service (slap
Package: firefox-esr
Version: 68.8.0esr-1~deb8u1
CVE ID : CVE-2020-6831 CVE-2020-12387 CVE-2020-12392 CVE-2020-12395
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code or informatio