Vulnerabilities > Debian
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-29 | CVE-2014-3591 | Information Exposure vulnerability in multiple products Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication. | 1.9 |
2019-11-29 | CVE-2015-1855 | Improper Input Validation vulnerability in multiple products verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters. | 4.3 |
2019-11-29 | CVE-2019-14901 | Heap-based Buffer Overflow vulnerability in multiple products A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. | 9.8 |
2019-11-29 | CVE-2019-14897 | Stack-based Buffer Overflow vulnerability in multiple products A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. | 9.8 |
2019-11-29 | CVE-2019-14895 | Heap-based Buffer Overflow vulnerability in multiple products A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. | 9.8 |
2019-11-28 | CVE-2019-19318 | Use After Free vulnerability in multiple products In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer, | 2.1 |
2019-11-27 | CVE-2011-2523 | OS Command Injection vulnerability in multiple products vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp. | 10.0 |
2019-11-27 | CVE-2011-2515 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code. | 4.6 |
2019-11-27 | CVE-2013-2625 | Improper Privilege Management vulnerability in multiple products An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. | 6.4 |
2019-11-27 | CVE-2011-2207 | Improper Certificate Validation vulnerability in multiple products dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate. | 5.0 |