Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2019-12-05 CVE-2019-19553 Missing Initialization of Resource vulnerability in multiple products
In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash.
network
low complexity
wireshark opensuse oracle debian CWE-909
7.5
2019-12-03 CVE-2013-7325 Unspecified vulnerability in Debian Linux and Devscripts
An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball.
network
low complexity
debian
8.8
2019-12-03 CVE-2013-2106 Insufficiently Protected Credentials vulnerability in multiple products
webauth before 4.6.1 has an authentication credential disclosure vulnerability.
network
low complexity
stanford debian CWE-522
7.5
2019-12-02 CVE-2012-4576 Improper Input Validation vulnerability in multiple products
FreeBSD: Input Validation Flaw allows local users to gain elevated privileges
local
low complexity
freebsd debian CWE-20
7.8
2019-12-02 CVE-2012-4428 Out-of-bounds Read vulnerability in multiple products
openslp: SLPIntersectStringList() function has a DoS vulnerability.
network
low complexity
openslp debian fedoraproject canonical CWE-125
7.5
2019-11-27 CVE-2012-2248 Improper Input Validation vulnerability in multiple products
An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable.
network
high complexity
dhclient-project debian CWE-20
8.1
2019-11-27 CVE-2011-2187 Missing Authentication for Critical Function vulnerability in multiple products
xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.
local
low complexity
xscreensaver-project debian CWE-306
7.8
2019-11-27 CVE-2019-10220 Path Traversal vulnerability in multiple products
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.
network
low complexity
linux debian canonical CWE-22
8.8
2019-11-26 CVE-2019-16255 Code Injection vulnerability in multiple products
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data.
network
high complexity
ruby-lang debian opensuse oracle CWE-94
8.1
2019-11-26 CVE-2019-16201 Improper Authentication vulnerability in multiple products
WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service caused by looping/backtracking.
network
low complexity
ruby-lang debian CWE-287
7.5