Debian: >> Debian Linux Security Vulnerabilities
An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.
CVSS Score
7.5
EPSS Score
0.027
Published
2019-08-01
CVE-2019-0193
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
Known exploited
CVSS Score
7.2
EPSS Score
0.835
Published
2019-08-01
An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_REGISTERS case, aka VD-1301.
CVSS Score
9.1
EPSS Score
0.019
Published
2019-07-31
XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a heap-based buffer overflow.
CVSS Score
5.5
EPSS Score
0.013
Published
2019-07-31
It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.
CVSS Score
6.3
EPSS Score
0.011
Published
2019-07-31
It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox.
CVSS Score
8.2
EPSS Score
0.04
Published
2019-07-31
An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_COILS case, aka VD-1302.
CVSS Score
9.1
EPSS Score
0.02
Published
2019-07-31
nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service).
CVSS Score
7.5
EPSS Score
0.027
Published
2019-07-31
A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.
CVSS Score
4.6
EPSS Score
0.018
Published
2019-07-30
libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files.
CVSS Score
6.5
EPSS Score
0.009
Published
2019-07-30