Vulnerabilities > Debian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-20 | CVE-2012-6136 | Incorrect Default Permissions vulnerability in multiple products tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes. | 4.9 |
| 2019-11-20 | CVE-2011-1028 | Improper Input Validation vulnerability in multiple products The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file. | 7.5 |
| 2019-11-19 | CVE-2019-19126 | Improper Initialization vulnerability in multiple products On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. | 3.3 |
| 2019-11-19 | CVE-2011-2924 | Link Following vulnerability in multiple products foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. | 3.3 |
| 2019-11-19 | CVE-2011-2923 | Link Following vulnerability in multiple products foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. | 3.3 |
| 2019-11-19 | CVE-2016-1000236 | Race Condition vulnerability in multiple products Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used. | 4.4 |
| 2019-11-19 | CVE-2012-6071 | Improper Certificate Validation vulnerability in multiple products nuSOAP before 0.7.3-5 does not properly check the hostname of a cert. | 5.0 |
| 2019-11-19 | CVE-2014-5439 | Out-of-bounds Write vulnerability in multiple products Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute arbitrary code. | 9.3 |
| 2019-11-19 | CVE-2012-0843 | Information Exposure vulnerability in multiple products uzbl: Information disclosure via world-readable cookies storage file | 2.1 |
| 2019-11-19 | CVE-2011-4968 | Improper Input Validation vulnerability in multiple products nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM) | 5.8 |