Vulnerabilities > Debian > Low

DATE CVE VULNERABILITY TITLE RISK
2019-12-26 CVE-2012-2736 Missing Authentication for Critical Function vulnerability in multiple products
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.
3.3
2019-12-25 CVE-2019-19965 NULL Pointer Dereference vulnerability in multiple products
In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.
1.9
2019-12-23 CVE-2019-5108 Improper Authentication vulnerability in multiple products
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3.
3.3
2019-12-10 CVE-2019-13762 Improper Locking vulnerability in multiple products
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code.
local
low complexity
google debian fedoraproject redhat CWE-667
3.3
2019-12-05 CVE-2012-1105 Information Exposure vulnerability in multiple products
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory.
local
low complexity
apereo fedoraproject debian CWE-200
2.1
2019-12-05 CVE-2013-0326 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
OpenStack nova base images permissions are world readable
local
low complexity
openstack debian CWE-732
2.1
2019-12-03 CVE-2019-19534 Missing Initialization of Resource vulnerability in multiple products
In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.
local
low complexity
linux debian canonical CWE-909
2.1
2019-12-03 CVE-2019-19535 Missing Initialization of Resource vulnerability in multiple products
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.
local
low complexity
linux debian opensuse oracle CWE-909
2.1
2019-12-03 CVE-2019-19536 Missing Initialization of Resource vulnerability in multiple products
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.
local
low complexity
linux debian opensuse CWE-909
2.1
2019-11-29 CVE-2014-3591 Information Exposure vulnerability in multiple products
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
1.9