Debian: >> Debian Linux Security Vulnerabilities
The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.
CVSS Score
5.5
EPSS Score
0.005
Published
2019-11-20
The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-11-20
Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-11-20
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-11-20
tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.
CVSS Score
5.5
EPSS Score
0.0
Published
2019-11-20
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.
CVSS Score
3.3
EPSS Score
0.0
Published
2019-11-19
foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-11-19
foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.
CVSS Score
5.5
EPSS Score
0.002
Published
2019-11-19
nuSOAP before 0.7.3-5 does not properly check the hostname of a cert.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-11-19
Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.
CVSS Score
4.4
EPSS Score
0.005
Published
2019-11-19