Debian: >> Debian Linux Security Vulnerabilities
An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.04
Published
2019-07-03
An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.045
Published
2019-07-03
A buffer overflow in DOSBox 0.74-2 allows attackers to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.038
Published
2019-07-03
qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.
CVSS Score
7.8
EPSS Score
0.005
Published
2019-07-03
DOSBox 0.74-2 has Incorrect Access Control.
CVSS Score
9.8
EPSS Score
0.067
Published
2019-07-02
In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.
CVSS Score
6.5
EPSS Score
0.019
Published
2019-07-02
ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.
CVSS Score
8.8
EPSS Score
0.033
Published
2019-07-01
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c.
CVSS Score
6.5
EPSS Score
0.019
Published
2019-07-01
An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.
CVSS Score
5.3
EPSS Score
0.017
Published
2019-07-01
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
CVSS Score
5.3
EPSS Score
0.065
Published
2019-07-01