Vulnerabilities > Debian > Debian Linux > 10
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-07 | CVE-2007-5743 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option. | 4.3 |
2019-11-06 | CVE-2011-4625 | Improper Handling of Exceptional Conditions vulnerability in multiple products simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages. | 5.0 |
2019-11-05 | CVE-2013-6275 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php. | 4.3 |
2019-11-05 | CVE-2013-6364 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book | 6.8 |
2019-10-31 | CVE-2012-6123 | Improper Input Validation vulnerability in multiple products Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack." | 5.0 |
2018-12-17 | CVE-2018-20185 | Out-of-bounds Read vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. | 2.6 |
2017-09-20 | CVE-2017-14604 | Improper Input Validation vulnerability in multiple products GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. | 4.0 |