Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2019-12-08 CVE-2019-19448 Use After Free vulnerability in multiple products
In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.
local
low complexity
linux debian canonical netapp CWE-416
7.8
7.8
2019-12-06 CVE-2019-19617 phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php.
network
low complexity
phpmyadmin debian
7.5
7.5
2019-12-05 CVE-2019-16770 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack.
network
low complexity
puma debian CWE-770
7.5
7.5
2019-12-05 CVE-2019-19553 Missing Initialization of Resource vulnerability in multiple products
In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash.
network
low complexity
wireshark opensuse oracle debian CWE-909
7.5
7.5
2019-12-04 CVE-2013-2745 SQL Injection vulnerability in multiple products
An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0
network
low complexity
minidlna-project debian CWE-89
7.5
7.5
2019-12-02 CVE-2012-4576 Improper Input Validation vulnerability in multiple products
FreeBSD: Input Validation Flaw allows local users to gain elevated privileges
local
low complexity
freebsd debian CWE-20
7.2
7.2
2019-11-27 CVE-2019-10220 Path Traversal vulnerability in multiple products
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.
network
low complexity
linux debian canonical CWE-22
8.8
8.8
2019-11-26 CVE-2011-1939 SQL Injection vulnerability in multiple products
SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6.
network
low complexity
zend php debian CWE-89
7.5
7.5
2019-11-26 CVE-2019-16255 Code Injection vulnerability in multiple products
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data.
network
high complexity
ruby-lang debian opensuse oracle CWE-94
8.1
8.1
2019-11-26 CVE-2019-16201 Improper Authentication vulnerability in multiple products
WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking.
network
low complexity
ruby-lang debian CWE-287
7.5
7.5