Vulnerabilities > Debian > Debian Linux > Low

DATE CVE VULNERABILITY TITLE RISK
2020-02-06 CVE-2020-8648 Use After Free vulnerability in multiple products
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.
3.6
2020-02-06 CVE-2020-8649 Use After Free vulnerability in multiple products
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.
local
low complexity
linux opensuse debian CWE-416
3.6
2020-02-05 CVE-2020-8631 Use of Insufficiently Random Values vulnerability in multiple products
cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.
local
low complexity
canonical opensuse debian CWE-330
2.1
2020-02-05 CVE-2020-8632 Weak Password Requirements vulnerability in multiple products
In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.
local
low complexity
canonical opensuse debian CWE-521
2.1
2020-01-21 CVE-2020-5202 apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port.
local
low complexity
apt-cacher-ng-project debian opensuse
2.1
2019-12-30 CVE-2012-5474 Missing Encryption of Sensitive Data vulnerability in multiple products
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.
2.1
2019-12-30 CVE-2012-5476 Information Exposure vulnerability in multiple products
Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value.
local
low complexity
openstack debian CWE-200
2.1
2019-12-26 CVE-2012-2736 Missing Authentication for Critical Function vulnerability in multiple products
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.
3.3
2019-12-25 CVE-2019-19965 NULL Pointer Dereference vulnerability in multiple products
In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.
1.9
2019-12-23 CVE-2019-5108 Improper Authentication vulnerability in multiple products
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3.
3.3