Debian: >> Debian Linux >> 8.0 Security Vulnerabilities
A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486.
CVSS Score
7.5
EPSS Score
0.02
Published
2019-11-18
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.
CVSS Score
9.8
EPSS Score
0.148
Published
2019-11-17
An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL.
CVSS Score
7.5
EPSS Score
0.005
Published
2019-11-15
The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation.
CVSS Score
6.7
EPSS Score
0.001
Published
2019-11-15
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-11-15
Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections
CVSS Score
5.9
EPSS Score
0.006
Published
2019-11-15
ClamAV before 0.97.7 has WWPack corrupt heap memory
CVSS Score
9.8
EPSS Score
0.004
Published
2019-11-15
ClamAV before 0.97.7 has buffer overflow in the libclamav component
CVSS Score
9.8
EPSS Score
0.005
Published
2019-11-15
ClamAV before 0.97.7: dbg_printhex possible information leak
CVSS Score
7.5
EPSS Score
0.004
Published
2019-11-15
Chrony before 1.29.1 has traffic amplification in cmdmon protocol
CVSS Score
7.5
EPSS Score
0.024
Published
2019-11-15