Vulnerabilities > Debian > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-01 | CVE-2019-17052 | Incorrect Default Permissions vulnerability in multiple products ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768. | 3.3 |
| 2019-10-01 | CVE-2019-17055 | Missing Authorization vulnerability in multiple products base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. | 3.3 |
| 2019-07-04 | CVE-2019-13232 | Resource Exhaustion vulnerability in multiple products Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue. | 3.3 |
| 2019-05-10 | CVE-2019-11884 | The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. | 3.3 |
| 2019-04-17 | CVE-2019-9495 | Information Exposure Through Discrepancy vulnerability in multiple products The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. | 3.7 |
| 2019-03-23 | CVE-2019-9942 | A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place. | 3.7 |
| 2019-01-28 | CVE-2019-3815 | Memory Leak vulnerability in multiple products A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. | 3.3 |
| 2019-01-16 | CVE-2017-3142 | Improper Input Validation vulnerability in multiple products An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. | 3.7 |
| 2019-01-16 | CVE-2019-2422 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). | 3.1 |
| 2019-01-11 | CVE-2018-16866 | Out-of-bounds Read vulnerability in multiple products An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. | 3.3 |