Vulnerabilities > Debian > Debian Linux > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-18 | CVE-2018-1311 | Use After Free vulnerability in multiple products The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. | 8.1 |
2019-12-17 | CVE-2019-19816 | Out-of-bounds Write vulnerability in multiple products In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled. | 7.8 |
2019-12-17 | CVE-2019-19813 | Use After Free vulnerability in multiple products In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. | 7.1 |
2019-12-16 | CVE-2019-19331 | Improper Resource Shutdown or Release vulnerability in multiple products knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. | 7.5 |
2019-12-15 | CVE-2014-8650 | Improper Authentication vulnerability in multiple products python-requests-Kerberos through 0.5 does not handle mutual authentication | 7.5 |
2019-12-12 | CVE-2019-12420 | Resource Exhaustion vulnerability in multiple products In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. | 7.5 |
2019-12-11 | CVE-2019-19583 | An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. | 7.5 |
2019-12-11 | CVE-2019-5815 | Type Confusion vulnerability in multiple products Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. | 7.5 |
2019-12-11 | CVE-2019-19604 | Missing Authorization vulnerability in multiple products Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. | 7.8 |
2019-12-10 | CVE-2019-14889 | OS Command Injection vulnerability in multiple products A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. | 8.8 |