Vulnerabilities > Debian
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-27 | CVE-2012-6655 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords. | 2.1 |
2019-11-27 | CVE-2012-2248 | Improper Input Validation vulnerability in multiple products An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable. | 9.3 |
2019-11-27 | CVE-2011-2187 | Missing Authentication for Critical Function vulnerability in multiple products xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication. | 4.6 |
2019-11-27 | CVE-2016-1000110 | Open Redirect vulnerability in multiple products The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. | 6.1 |
2019-11-27 | CVE-2019-19330 | Injection vulnerability in multiple products The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks. | 9.8 |
2019-11-27 | CVE-2019-10220 | Path Traversal vulnerability in multiple products Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. | 8.8 |
2019-11-27 | CVE-2019-14896 | Heap-based Buffer Overflow vulnerability in multiple products A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. | 9.8 |
2019-11-26 | CVE-2011-1939 | SQL Injection vulnerability in multiple products SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6. | 7.5 |
2019-11-26 | CVE-2011-1934 | Information Exposure vulnerability in multiple products lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1. | 4.0 |
2019-11-26 | CVE-2019-16255 | Code Injection vulnerability in multiple products Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. | 8.1 |