Shodan
Vulnerabilities
Vulnerable Software
Debian:  >> Debian Linux  Security Vulnerabilities
CVE-2020-9355
danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-02-23
CVE-2020-8813
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
CVSS Score
8.8
EPSS Score
0.939
Published
2020-02-22
CVE-2012-1093
The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-02-21
CVE-2012-0844
Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-02-21
CVE-2020-9283
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.
CVSS Score
7.5
EPSS Score
0.187
Published
2020-02-20
CVE-2011-4915
fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.
CVSS Score
5.5
EPSS Score
0.0
Published
2020-02-20
CVE-2020-9273
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.
CVSS Score
8.8
EPSS Score
0.623
Published
2020-02-20
CVE-2019-20479
A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.
CVSS Score
6.1
EPSS Score
0.006
Published
2020-02-20
CVE-2014-4678
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657.
CVSS Score
9.8
EPSS Score
0.101
Published
2020-02-20
CVE-2020-6061
An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability.
CVSS Score
7.0
EPSS Score
0.018
Published
2020-02-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved