Debian Linux 8.0 Security Vulnerabilities
sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805.
CVSS Score: 8.8 | EPSS Score: 0.044 | Published: 2019-12-22
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data, which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j 1.2 versions up to 1.2.17.
CVSS Score: 9.8 | EPSS Score: 0.535 | Published: 2019-12-20
In cups (Common Unix Printing System), the 'Listen localhost:631' option is not honored correctly, which could provide unauthorized access to the system.
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2019-12-20
gnome-keyring does not discard stored secrets when using the gnome_keyring_lock_all_sync function.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2019-12-20
ecryptfs-utils: the suid helper does not restrict mounting filesystems with nosuid,nodev, which creates a possible privilege escalation.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2019-12-20
LibreOffice and OpenOffice automatically open embedded content
CVSS Score: 6.5 | EPSS Score: 0.006 | Published: 2019-12-20
GnuTLS incorrectly validates the first byte of padding in CBC modes
CVSS Score: 5.9 | EPSS Score: 0.011 | Published: 2019-12-20
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2019-12-19
In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult to purposefully exploit this.
CVSS Score: 5.8 | EPSS Score: 0.006 | Published: 2019-12-16
python-requests-Kerberos through 0.5 does not handle mutual authentication
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2019-12-15

