Vulnerabilities > Debian
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-24 | CVE-2019-19923 | NULL Pointer Dereference vulnerability in multiple products flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. | 5.0 |
2019-12-24 | CVE-2019-19953 | Out-of-bounds Read vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. | 9.1 |
2019-12-24 | CVE-2019-19951 | Out-of-bounds Write vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. | 9.8 |
2019-12-24 | CVE-2019-19950 | Use After Free vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. | 9.8 |
2019-12-24 | CVE-2019-19949 | Out-of-bounds Read vulnerability in multiple products In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. | 9.1 |
2019-12-24 | CVE-2019-19948 | Out-of-bounds Write vulnerability in multiple products In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. | 9.8 |
2019-12-24 | CVE-2019-19947 | Use of Uninitialized Resource vulnerability in multiple products In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. | 4.6 |
2019-12-23 | CVE-2019-5108 | Improper Authentication vulnerability in multiple products An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. | 3.3 |
2019-12-23 | CVE-2019-3467 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals. | 7.8 |
2019-12-23 | CVE-2019-12418 | When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. | 7.0 |