Debian Linux 8.0 Security Vulnerabilities
In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file.
CVSS Score: 4.7
EPSS Score: 0.003
Published: 2019-11-14

phpBB 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2019-11-14

Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2019-11-13

In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2019-11-13

pithos before 0.3.5 allows arbitrary files to be overwritten via symlinks.
CVSS Score: 5.5
EPSS Score: 0.002
Published: 2019-11-13

PHP5 before 5.4.4 allows invalid UTF-8 strings to be passed via xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in a memory leak into the resulting output.
CVSS Score: 7.5
EPSS Score: 0.007
Published: 2019-11-13

udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.
CVSS Score: 7.8
EPSS Score: 0.002
Published: 2019-11-13

An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.
CVSS Score: 6.5
EPSS Score: 0.008
Published: 2019-11-13

In poppler before 0.16.3, malformed commands may cause corruption of the internal stack.
CVSS Score: 7.8
EPSS Score: 0.005
Published: 2019-11-13

offlineimap before 6.3.4 added support for SSL server certificate validation, but it is still possible to use the SSL v2 protocol, which is a flawed protocol with multiple security deficiencies.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2019-11-13

