Vulnerabilities > Debian > Debian Linux > Low

DATE CVE VULNERABILITY TITLE RISK
2019-12-10 CVE-2019-13762 Improper Locking vulnerability in multiple products
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code.
local
low complexity
google debian fedoraproject redhat CWE-667
3.3
2019-12-05 CVE-2012-1105 Information Exposure vulnerability in multiple products
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory.
local
low complexity
apereo fedoraproject debian CWE-200
2.1
2019-12-05 CVE-2013-0326 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
OpenStack nova base images permissions are world readable
local
low complexity
openstack debian CWE-732
2.1
2019-12-03 CVE-2019-19534 Missing Initialization of Resource vulnerability in multiple products
In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.
local
low complexity
linux debian canonical CWE-909
2.1
2019-12-03 CVE-2019-19535 Missing Initialization of Resource vulnerability in multiple products
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.
local
low complexity
linux debian opensuse oracle CWE-909
2.1
2019-12-03 CVE-2019-19536 Missing Initialization of Resource vulnerability in multiple products
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.
local
low complexity
linux debian opensuse CWE-909
2.1
2019-11-29 CVE-2014-3591 Information Exposure vulnerability in multiple products
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
1.9
2019-11-28 CVE-2019-19318 Use After Free vulnerability in multiple products
In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,
local
low complexity
linux opensuse canonical debian netapp CWE-416
2.1
2019-11-27 CVE-2012-6655 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.
2.1
2019-11-26 CVE-2011-3632 Link Following vulnerability in multiple products
Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks.
local
low complexity
hardlink-project debian redhat CWE-59
3.6