Vulnerabilities > Debian > Low

DATE CVE VULNERABILITY TITLE RISK
2019-10-16 CVE-2019-2981 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP).
network
high complexity
oracle redhat netapp debian opensuse canonical
3.7
2019-10-16 CVE-2019-2983 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).
network
high complexity
oracle redhat netapp debian opensuse canonical
3.7
2019-10-16 CVE-2019-2987 Vulnerability in the Java SE product of Oracle Java SE (component: 2D).
network
high complexity
oracle redhat netapp debian
3.7
2019-10-16 CVE-2019-2988 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D).
network
high complexity
oracle netapp debian canonical opensuse redhat
3.7
2019-10-16 CVE-2019-2992 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D).
network
high complexity
oracle redhat netapp debian canonical opensuse
3.7
2019-10-01 CVE-2019-17052 Incorrect Default Permissions vulnerability in multiple products
ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.
local
low complexity
linux debian fedoraproject canonical CWE-276
3.3
2019-10-01 CVE-2019-17055 Missing Authorization vulnerability in multiple products
base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.
3.3
2019-07-04 CVE-2019-13232 Resource Exhaustion vulnerability in multiple products
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.
local
low complexity
unzip-project debian CWE-400
3.3
2019-05-10 CVE-2019-11884 The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. 3.3
2019-04-17 CVE-2019-9495 Information Exposure Through Discrepancy vulnerability in multiple products
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns.
3.7