Debian vulnerabilities and exploits

4.8
CVSSv2
CVE-2019-6447

The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once,...

Estrongs Es File Explorer File Manager
NA
CVE-2019-12854

Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it....

4.3
CVSSv2
CVE-2019-12529

An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over...

Squid-cache Squid
6.8
CVSSv2
CVE-2019-12527

An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer...

Squid-cache Squid
7.5
CVSSv2
CVE-2019-12525

An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts...

Squid-cache Squid
5.8
CVSSv2
CVE-2019-7738

C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI....

NA
CVE-2019-14534

VideoLAN VLC media player is vulnerable to a denial of service, caused by a NULL pointer dereference in ASF demuxer. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash....

NA
CVE-2019-14970

VideoLAN VLC media player is vulnerable to a buffer overflow, caused by a flaw in MKV demuxer. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code with the privileges of the user....

NA
CVE-2019-14777

VideoLAN VLC media player could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in MKV demuxer. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code with...

NA
CVE-2019-14776

VideoLAN VLC media player is vulnerable to a buffer overflow, caused by a flaw in ASF demuxer. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code with the privileges of the user....