Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-03 | CVE-2019-19527 | Use After Free vulnerability in multiple products In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. | 6.8 |
| 2019-12-03 | CVE-2019-19525 | Use After Free vulnerability in multiple products In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035. | 4.6 |
| 2019-12-03 | CVE-2019-19524 | Use After Free vulnerability in multiple products In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. | 4.6 |
| 2019-12-03 | CVE-2019-19523 | Use After Free vulnerability in multiple products In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. | 4.6 |
| 2019-12-03 | CVE-2013-4235 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees | 4.7 |
| 2019-12-01 | CVE-2019-19479 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. | 5.5 |
| 2019-11-30 | CVE-2019-19269 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. | 4.9 |
| 2019-11-30 | CVE-2019-19462 | NULL Pointer Dereference vulnerability in multiple products relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result. | 5.5 |
| 2019-11-29 | CVE-2015-0837 | Information Exposure Through Discrepancy vulnerability in multiple products The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack." | 5.9 |
| 2019-11-29 | CVE-2014-3591 | Information Exposure vulnerability in multiple products Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication. | 4.2 |