Vulnerabilities > Debian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-15 | CVE-2019-18928 | Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection. | 9.8 |
| 2019-11-14 | CVE-2019-18978 | Path Traversal vulnerability in multiple products An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. | 5.0 |
| 2019-11-14 | CVE-2018-12207 | Improper Input Validation vulnerability in multiple products Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. | 6.5 |
| 2019-11-14 | CVE-2019-11139 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. | 6.0 |
| 2019-11-14 | CVE-2019-11135 | TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. | 6.5 |
| 2019-11-14 | CVE-2012-1155 | Information Exposure vulnerability in multiple products Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to | 5.0 |
| 2019-11-14 | CVE-2011-1930 | Remote Shell Command Execution vulnerability in klibc DHCP Options Processing In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. | 10.0 |
| 2019-11-14 | CVE-2011-1588 | Use of Externally-Controlled Format String vulnerability in multiple products Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error. | 6.8 |
| 2019-11-14 | CVE-2011-1490 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. | 2.1 |
| 2019-11-14 | CVE-2011-1489 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. | 2.1 |