Shodan
Vulnerabilities
Vulnerable Software
Debian:  >> Debian Linux  Security Vulnerabilities
CVE-2019-7574
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.
CVSS Score
8.8
EPSS Score
0.028
Published
2019-02-07
CVE-2019-7575
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.
CVSS Score
8.8
EPSS Score
0.03
Published
2019-02-07
CVE-2019-7576
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).
CVSS Score
8.8
EPSS Score
0.029
Published
2019-02-07
CVE-2019-7577
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.
CVSS Score
8.8
EPSS Score
0.03
Published
2019-02-07
CVE-2018-20760
In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled.
CVSS Score
7.8
EPSS Score
0.014
Published
2019-02-06
CVE-2018-20761
GPAC version 0.7.1 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a.
CVSS Score
7.8
EPSS Score
0.015
Published
2019-02-06
CVE-2018-20762
GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames.
CVSS Score
7.8
EPSS Score
0.015
Published
2019-02-06
CVE-2018-20763
In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking.
CVSS Score
7.8
EPSS Score
0.014
Published
2019-02-06
CVE-2019-7548
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
CVSS Score
7.8
EPSS Score
0.018
Published
2019-02-06
CVE-2018-16890
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.
CVSS Score
5.4
EPSS Score
0.054
Published
2019-02-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved