Vulnerabilities > Debian
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-13 | CVE-2010-4654 | Injection vulnerability in multiple products poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. | 9.3 |
2019-11-13 | CVE-2010-4653 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts. | 6.5 |
2019-11-13 | CVE-2010-4533 | Improper Certificate Validation vulnerability in multiple products offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies. | 7.5 |
2019-11-13 | CVE-2010-4532 | Improper Certificate Validation vulnerability in multiple products offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks. | 4.3 |
2019-11-13 | CVE-2012-4385 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products letodms 3.3.6 has CSRF via change password | 4.3 |
2019-11-13 | CVE-2012-4384 | Cross-site Scripting vulnerability in multiple products letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar | 4.3 |
2019-11-13 | CVE-2019-18397 | Classic Buffer Overflow vulnerability in multiple products A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. | 7.8 |
2019-11-12 | CVE-2010-3844 | Classic Buffer Overflow vulnerability in multiple products An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack. | 6.8 |
2019-11-12 | CVE-2010-3440 | Download of Code Without Integrity Check vulnerability in multiple products babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files. | 3.3 |
2019-11-12 | CVE-2010-3299 | Missing Encryption of Sensitive Data vulnerability in multiple products The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks. | 4.3 |