Vulnerabilities > Debian > Debian Linux > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-22 | CVE-2019-19922 | Resource Exhaustion vulnerability in multiple products kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. | 5.5 |
2019-12-20 | CVE-2012-6111 | Improper Input Validation vulnerability in multiple products gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function | 5.0 |
2019-12-20 | CVE-2012-6094 | Incorrect Authorization vulnerability in multiple products cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system | 6.8 |
2019-12-20 | CVE-2015-8313 | Information Exposure Through Discrepancy vulnerability in multiple products GnuTLS incorrectly validates the first byte of padding in CBC modes | 4.3 |
2019-12-20 | CVE-2012-5639 | Exposure of Resource to Wrong Sphere vulnerability in multiple products LibreOffice and OpenOffice automatically open embedded content | 6.5 |
2019-12-20 | CVE-2012-3409 | Improper Input Validation vulnerability in multiple products ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation | 4.6 |
2019-12-18 | CVE-2019-19880 | NULL Pointer Dereference vulnerability in multiple products exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. | 5.0 |
2019-12-17 | CVE-2012-2237 | Cross-site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile. | 4.3 |
2019-12-17 | CVE-2019-19830 | _core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database. | 4.0 |
2019-12-16 | CVE-2019-16779 | Race Condition vulnerability in multiple products In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. | 4.3 |