Vulnerabilities > Debian > Debian Linux > 10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-19 | CVE-2020-24368 | Path Traversal vulnerability in multiple products Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. | 7.5 |
| 2019-12-30 | CVE-2013-2016 | Improper Privilege Management vulnerability in multiple products A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. | 6.9 |
| 2019-12-26 | CVE-2012-2736 | Missing Authentication for Critical Function vulnerability in multiple products In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network. | 3.3 |
| 2019-12-10 | CVE-2016-1000108 | Open Redirect vulnerability in multiple products yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | 5.8 |
| 2019-12-04 | CVE-2013-2745 | SQL Injection vulnerability in multiple products An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0 | 7.5 |
| 2019-11-27 | CVE-2011-2515 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code. | 4.6 |
| 2019-11-27 | CVE-2013-2625 | Improper Privilege Management vulnerability in multiple products An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. | 6.4 |
| 2019-11-27 | CVE-2012-6655 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords. | 2.1 |
| 2019-11-27 | CVE-2012-2248 | Improper Input Validation vulnerability in multiple products An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable. | 9.3 |
| 2019-11-27 | CVE-2011-2187 | Missing Authentication for Critical Function vulnerability in multiple products xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication. | 4.6 |