Debian: >> Debian Linux >> 8.0 Security Vulnerabilities
Orca has arbitrary code execution due to insecure Python module load
CVSS Score
7.3
EPSS Score
0.002
Published
2019-12-11
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware
CVSS Score
6.1
EPSS Score
0.011
Published
2019-12-11
smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790)
CVSS Score
6.1
EPSS Score
0.006
Published
2019-12-11
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.
CVSS Score
7.1
EPSS Score
0.016
Published
2019-12-10
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.
CVSS Score
9.8
EPSS Score
0.009
Published
2019-12-10
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass
CVSS Score
9.8
EPSS Score
0.001
Published
2019-12-10
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass
CVSS Score
9.8
EPSS Score
0.008
Published
2019-12-10
kde-workspace before 4.10.5 has a memory leak in plasma desktop
CVSS Score
7.5
EPSS Score
0.02
Published
2019-12-10
Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks
CVSS Score
5.5
EPSS Score
0.0
Published
2019-12-10
yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
CVSS Score
6.1
EPSS Score
0.006
Published
2019-12-10