Debian: >> Debian Linux Security Vulnerabilities
rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution.
CVSS Score
9.8
EPSS Score
0.082
Published
2019-03-15
gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs.
CVSS Score
8.8
EPSS Score
0.027
Published
2019-03-13
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command.
CVSS Score
6.1
EPSS Score
0.023
Published
2019-03-13
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authenticated user may block further application of security group rules for instances from any project/tenant on the compute hosts to which it's applied. (Only deployments using the iptables security group driver are affected.)
CVSS Score
6.5
EPSS Score
0.037
Published
2019-03-13
In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.
CVSS Score
6.5
EPSS Score
0.016
Published
2019-03-12
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked.
CVSS Score
5.5
EPSS Score
0.004
Published
2019-03-12
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted.
CVSS Score
5.5
EPSS Score
0.004
Published
2019-03-12
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error.
CVSS Score
5.5
EPSS Score
0.005
Published
2019-03-12
An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump.
CVSS Score
8.8
EPSS Score
0.021
Published
2019-03-11
Checkstyle before 8.18 loads external DTDs by default.
CVSS Score
5.3
EPSS Score
0.037
Published
2019-03-11