Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-22 | CVE-2019-10206 | Insufficiently Protected Credentials vulnerability in multiple products ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. | 6.5 |
| 2019-11-21 | CVE-2019-19221 | Out-of-bounds Read vulnerability in multiple products In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. | 5.5 |
| 2019-11-21 | CVE-2019-18890 | SQL Injection vulnerability in multiple products A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query. | 6.5 |
| 2019-11-21 | CVE-2014-1935 | Improper Input Validation vulnerability in multiple products 9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames. | 5.3 |
| 2019-11-21 | CVE-2014-0083 | Use of Password Hash With Insufficient Computational Effort vulnerability in multiple products The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords. | 5.5 |
| 2019-11-21 | CVE-2019-19039 | Information Exposure Through Log Files vulnerability in multiple products __btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program. | 5.5 |
| 2019-11-20 | CVE-2015-1606 | Use After Free vulnerability in multiple products The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file. | 5.5 |
| 2019-11-20 | CVE-2012-6136 | Incorrect Default Permissions vulnerability in multiple products tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes. | 5.5 |
| 2019-11-19 | CVE-2011-2924 | Link Following vulnerability in multiple products foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. | 5.5 |
| 2019-11-19 | CVE-2011-2923 | Link Following vulnerability in multiple products foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. | 5.5 |