Debian Linux 8.0 Security Vulnerabilities

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
CVSS Score: 4.7
EPSS Score: 0.001
Published: 2019-12-03

webauth before 4.6.1 has authentication credential disclosure
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2019-12-03

FreeBSD: Input Validation Flaw allows local users to gain elevated privileges
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2019-12-02

openslp: 'SLPIntersectStringList()' function has a DoS vulnerability
CVSS Score: 7.5
EPSS Score: 0.462
Published: 2019-12-02

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2019-12-01

An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.
CVSS Score: 9.8
EPSS Score: 0.027
Published: 2019-12-01

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.
CVSS Score: 4.9
EPSS Score: 0.007
Published: 2019-11-30

relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2019-11-30

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 do not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
CVSS Score: 4.2
EPSS Score: 0.001
Published: 2019-11-29

The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."
CVSS Score: 5.9
EPSS Score: 0.006
Published: 2019-11-29

