Debian: >> Debian Linux >> 8.0 Security Vulnerabilities
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.
CVSS Score
7.5
EPSS Score
0.001
Published
2019-09-09
IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-09-08
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1.
CVSS Score
7.8
EPSS Score
0.008
Published
2019-09-06
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-09-06
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
CVSS Score
7.3
EPSS Score
0.085
Published
2019-09-06
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
CVSS Score
9.8
EPSS Score
0.651
Published
2019-09-06
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.
CVSS Score
6.4
EPSS Score
0.0
Published
2019-09-05
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.
CVSS Score
6.4
EPSS Score
0.001
Published
2019-09-05
OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-09-05
An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c.
CVSS Score
9.1
EPSS Score
0.05
Published
2019-09-04