Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-12 | CVE-2010-3844 | Classic Buffer Overflow vulnerability in multiple products An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack. | 6.8 |
| 2019-11-12 | CVE-2010-3299 | Missing Encryption of Sensitive Data vulnerability in multiple products The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks. | 4.3 |
| 2019-11-12 | CVE-2010-3439 | Improper Input Validation vulnerability in multiple products It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command. | 4.0 |
| 2019-11-12 | CVE-2010-3359 | Improper Input Validation vulnerability in multiple products If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. | 4.4 |
| 2019-11-12 | CVE-2012-1572 | Resource Exhaustion vulnerability in multiple products OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space | 5.0 |
| 2019-11-12 | CVE-2019-18848 | Improper Authentication vulnerability in multiple products The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string. | 5.0 |
| 2019-11-12 | CVE-2011-3618 | Link Following vulnerability in multiple products atop: symlink attack possible due to insecure tempfile handling | 4.6 |
| 2019-11-11 | CVE-2019-18849 | Out-of-bounds Read vulnerability in multiple products In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup. | 5.5 |
| 2019-11-08 | CVE-2019-14824 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. | 6.5 |
| 2019-11-07 | CVE-2013-1811 | Improper Input Validation vulnerability in multiple products An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New". | 4.0 |