Vulnerabilities > Debian > Low

DATE CVE VULNERABILITY TITLE RISK
2019-11-28 CVE-2019-19318 Use After Free vulnerability in multiple products
In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,
local
low complexity
linux opensuse canonical debian netapp CWE-416
2.1
2019-11-27 CVE-2012-6655 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.
2.1
2019-11-26 CVE-2011-3632 Link Following vulnerability in multiple products
Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks.
local
low complexity
hardlink-project debian redhat CWE-59
3.6
2019-11-25 CVE-2012-5521 Reachable Assertion vulnerability in multiple products
quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal
low complexity
quagga debian redhat CWE-617
3.3
2019-11-22 CVE-2015-7810 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files
3.3
2019-11-21 CVE-2014-0083 Use of Password Hash With Insufficient Computational Effort vulnerability in multiple products
The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords.
local
low complexity
net-ldap-project debian CWE-916
2.1
2019-11-19 CVE-2011-2924 Link Following vulnerability in multiple products
foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled.
3.3
2019-11-19 CVE-2019-19126 Improper Initialization vulnerability in multiple products
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.
local
low complexity
gnu canonical fedoraproject debian CWE-665
3.3
2019-11-19 CVE-2011-2923 Link Following vulnerability in multiple products
foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled.
3.3
2019-11-19 CVE-2012-0843 Information Exposure vulnerability in multiple products
uzbl: Information disclosure via world-readable cookies storage file
local
low complexity
uzbl debian CWE-200
2.1