Vulnerabilities > Debian > Low

DATE CVE VULNERABILITY TITLE RISK
2019-10-01 CVE-2019-17052 Incorrect Default Permissions vulnerability in multiple products
ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.
local
low complexity
linux debian fedoraproject canonical CWE-276
3.3
2019-10-01 CVE-2019-17055 Missing Authorization vulnerability in multiple products
base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.
3.3
2019-07-04 CVE-2019-13232 Resource Exhaustion vulnerability in multiple products
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.
local
low complexity
unzip-project debian CWE-400
3.3
2019-05-10 CVE-2019-11884 The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. 3.3
2019-04-17 CVE-2019-9495 Information Exposure Through Discrepancy vulnerability in multiple products
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns.
3.7
2019-03-23 CVE-2019-9942 A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place.
network
high complexity
symfony debian
3.7
2019-01-28 CVE-2019-3815 Memory Leak vulnerability in multiple products
A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux.
local
low complexity
redhat debian CWE-401
3.3
2019-01-16 CVE-2017-3142 Improper Input Validation vulnerability in multiple products
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet.
network
high complexity
isc redhat debian CWE-20
3.7
2019-01-16 CVE-2019-2422 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries).
network
high complexity
oracle canonical netapp redhat debian opensuse hp
3.1
2019-01-11 CVE-2018-16866 Out-of-bounds Read vulnerability in multiple products
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'.
3.3