Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2019-12-04 CVE-2013-2745 SQL Injection vulnerability in multiple products
An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0
network
low complexity
minidlna-project debian CWE-89
7.5
7.5
2019-12-02 CVE-2012-4576 Improper Input Validation vulnerability in multiple products
FreeBSD: Input Validation Flaw allows local users to gain elevated privileges
local
low complexity
freebsd debian CWE-20
7.2
7.2
2019-11-27 CVE-2019-10220 Path Traversal vulnerability in multiple products
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.
network
low complexity
linux debian canonical CWE-22
8.8
8.8
2019-11-26 CVE-2011-1939 SQL Injection vulnerability in multiple products
SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6.
network
low complexity
zend php debian CWE-89
7.5
7.5
2019-11-26 CVE-2019-16255 Code Injection vulnerability in multiple products
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data.
network
high complexity
ruby-lang debian opensuse oracle CWE-94
8.1
8.1
2019-11-26 CVE-2019-16201 Improper Authentication vulnerability in multiple products
WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking.
network
low complexity
ruby-lang debian CWE-287
7.5
7.5
2019-11-26 CVE-2019-18679 Information Exposure vulnerability in multiple products
An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. 		7.5
7.5
2019-11-26 CVE-2019-18676 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Squid 3.x and 4.x through 4.8. 		7.5
7.5
2019-11-26 CVE-2011-4120 Improper Input Validation vulnerability in multiple products
Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration.
network
low complexity
yubico linux debian CWE-20
7.5
7.5
2019-11-25 CVE-2019-19246 Out-of-bounds Read vulnerability in multiple products
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c. 		7.5
7.5