Debian: >> Debian Linux >> 8.0 Security Vulnerabilities
ZF2014-03 has a potential cross site scripting vector in multiple view helpers
CVSS Score
6.1
EPSS Score
0.006
Published
2019-12-15
imagemagick 6.8.9.6 has remote DOS via infinite loop
CVSS Score
6.5
EPSS Score
0.01
Published
2019-12-15
duplicity 0.6.24 has improper verification of SSL certificates
CVSS Score
7.5
EPSS Score
0.003
Published
2019-12-13
Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities
CVSS Score
4.4
EPSS Score
0.001
Published
2019-12-13
mcollective has a default password set at install
CVSS Score
9.8
EPSS Score
0.006
Published
2019-12-13
In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.
CVSS Score
7.5
EPSS Score
0.137
Published
2019-12-12
In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places.
CVSS Score
6.7
EPSS Score
0.0
Published
2019-12-12
Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.
CVSS Score
8.1
EPSS Score
0.024
Published
2019-12-12
A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an administrator, the attacker can for example add a new admin user to gain full access to the application.
CVSS Score
9.3
EPSS Score
0.011
Published
2019-12-12
node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370)
CVSS Score
6.1
EPSS Score
0.006
Published
2019-12-11