Debian >> Debian Linux >> 8.0 Security Vulnerabilities
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.
CVSS Score: 9.8, EPSS Score: 0.033, Published: 2019-11-20
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.
CVSS Score: 7.5, EPSS Score: 0.029, Published: 2019-11-20
The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.
CVSS Score: 5.5, EPSS Score: 0.005, Published: 2019-11-20
Weborf before 0.12.5 is affected by a denial of service (DoS) due to malformed fields in HTTP.
CVSS Score: 7.5, EPSS Score: 0.004, Published: 2019-11-20
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.
CVSS Score: 9.8, EPSS Score: 0.005, Published: 2019-11-20
The foomatic-rip filter, v4.0.12 and prior, insecurely creates temporary files for storage of PostScript data when rendering the data with debug mode enabled. This flaw may be exploited by a local attacker to conduct symlink attacks, overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.
CVSS Score: 5.5, EPSS Score: 0.001, Published: 2019-11-19
The foomatic-rip filter, all versions, insecurely creates temporary files for storage of PostScript data when rendering the data with debug mode enabled. This flaw may be exploited by a local attacker to conduct symlink attacks, overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.
CVSS Score: 5.5, EPSS Score: 0.002, Published: 2019-11-19
nuSOAP before 0.7.3-5 does not properly check the hostname of a certificate.
CVSS Score: 7.5, EPSS Score: 0.004, Published: 2019-11-19
Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.
CVSS Score: 4.4, EPSS Score: 0.005, Published: 2019-11-19
The nginx HTTP proxy module does not verify the peer identity of the HTTPS origin server, which could facilitate a man-in-the-middle (MITM) attack.
CVSS Score: 4.8, EPSS Score: 0.006, Published: 2019-11-19