Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2019-11-08 CVE-2008-7291 Exposure of Resource to Wrong Sphere vulnerability in multiple products
gri before 2.12.18 generates temporary files in an insecure way.
network
low complexity
gri-project debian CWE-668
7.5
2019-11-07 CVE-2007-6745 clamav 0.91.2 suffers from a floating point exception when using ScanOLE2.
network
low complexity
clamav debian
7.5
2019-11-07 CVE-2019-3465 Improper Verification of Cryptographic Signature vulnerability in multiple products
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message.
8.8
2019-11-07 CVE-2019-18804 NULL Pointer Dereference vulnerability in multiple products
DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.
7.5
2019-11-06 CVE-2007-0899 Out-of-bounds Write vulnerability in multiple products
There is a possible heap overflow in libclamav/fsg.c before 0.100.0.
network
low complexity
clamav debian CWE-787
7.5
2019-11-04 CVE-2005-4890 Improper Input Validation vulnerability in multiple products
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program".
local
low complexity
debian sudo-project redhat CWE-20
7.2
2019-11-04 CVE-2019-18683 Use After Free vulnerability in multiple products
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8.
7.0
2019-11-04 CVE-2013-4412 NULL Pointer Dereference vulnerability in multiple products
slim has a NULL pointer dereference when using the crypt() method from glibc 2.17.
network
low complexity
berlios debian CWE-476
7.5
2019-11-01 CVE-2013-2739 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
MiniDLNA has a heap-based buffer overflow.
network
low complexity
readymedia-project debian CWE-119
7.5
2019-10-31 CVE-2019-5010 NULL Pointer Dereference vulnerability in multiple products
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6.
network
low complexity
python opensuse debian redhat CWE-476
7.5