Vulnerabilities > Debian

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors / CWE | Score |
|---|---|---|---|---|---|---|---|
| 2019-12-20 | CVE-2012-3409 | Improper Input Validation vulnerability in multiple products | ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation | local | low complexity | ecryptfs debian CWE-20 | 4.6 |
| 2019-12-19 | CVE-2019-19906 | Off-by-one Error vulnerability in multiple products | cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. | | | | 7.5 |
| 2019-12-18 | CVE-2018-1311 | Use After Free vulnerability in multiple products | The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. | network | high complexity | apache redhat debian oracle fedoraproject CWE-416 | 8.1 |
| 2019-12-18 | CVE-2019-19880 | NULL Pointer Dereference vulnerability in multiple products | exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. | | | | 5.0 |
| 2019-12-17 | CVE-2012-2237 | Cross-site Scripting vulnerability in multiple products | Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile. | network | | mahara debian CWE-79 | 4.3 |
| 2019-12-17 | CVE-2019-19816 | Out-of-bounds Write vulnerability in multiple products | In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled. | local | low complexity | linux canonical debian netapp CWE-787 | 7.8 |
| 2019-12-17 | CVE-2019-19813 | Use After Free vulnerability in multiple products | In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. | | | | 7.1 |
| 2019-12-17 | CVE-2019-19830 | | _core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database. | network | low complexity | spip debian canonical | 4.0 |
| 2019-12-16 | CVE-2019-16779 | Race Condition vulnerability in multiple products | In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. | | | | 4.3 |
| 2019-12-16 | CVE-2019-19331 | Improper Resource Shutdown or Release vulnerability in multiple products | knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. | network | low complexity | nic debian CWE-404 | 7.5 |