Vulnerabilities > Debian > Low

DATE CVE VULNERABILITY TITLE RISK
2020-02-21 CVE-2012-0844 Information Exposure vulnerability in multiple products
Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar.
local
low complexity
netsurf-browser debian CWE-200
2.1
2020-02-20 CVE-2011-4915 Information Exposure vulnerability in Linux Kernel
fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.
local
low complexity
linux canonical debian CWE-200
2.1
2020-02-06 CVE-2020-8647 Use After Free vulnerability in multiple products
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.
local
low complexity
linux debian opensuse CWE-416
3.6
2020-02-06 CVE-2020-8648 Use After Free vulnerability in multiple products
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.
3.6
2020-02-06 CVE-2020-8649 Use After Free vulnerability in multiple products
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.
local
low complexity
linux opensuse debian CWE-416
3.6
2020-02-05 CVE-2020-8631 Use of Insufficiently Random Values vulnerability in multiple products
cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.
local
low complexity
canonical opensuse debian CWE-330
2.1
2020-02-05 CVE-2020-8632 Weak Password Requirements vulnerability in multiple products
In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.
local
low complexity
canonical opensuse debian CWE-521
2.1
2020-01-21 CVE-2020-5202 apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port.
local
low complexity
apt-cacher-ng-project debian opensuse
2.1
2019-12-30 CVE-2012-5474 Missing Encryption of Sensitive Data vulnerability in multiple products
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.
2.1
2019-12-30 CVE-2012-5476 Information Exposure vulnerability in multiple products
Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value.
local
low complexity
openstack debian CWE-200
2.1