CVEdetails.com the ultimate security vulnerability data source

Debian » Debian Linux : Security Vulnerabilities (CVSS score between 7 and 7.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2019-16943 20 2019-10-01 2019-10-11
7.5
None Remote Low Not required Partial Partial Partial
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
2 CVE-2019-16942 20 2019-10-01 2019-10-08
7.5
None Remote Low Not required Partial Partial Partial
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.
3 CVE-2019-16928 120 Exec Code Overflow 2019-09-27 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.
4 CVE-2019-15941 863 Bypass 2019-09-25 2019-10-01
7.5
None Remote Low Not required Partial Partial Partial
OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relaying party within the LemonLDAP configuration with weaker access control rules than the target RP, and no filtering on redirection URIs.
5 CVE-2019-15892 20 DoS 2019-09-03 2019-09-25
7.8
None Remote Low Not required None None Complete
An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack.
6 CVE-2019-15239 416 2019-08-20 2019-09-24
7.2
None Local Low Not required Complete Complete Complete
In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation. NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139.
7 CVE-2019-14809 20 Bypass 2019-08-13 2019-08-24
7.5
None Remote Low Not required Partial Partial Partial
net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com.
8 CVE-2019-14379 20 Exec Code 2019-07-29 2019-10-06
7.5
None Remote Low Not required Partial Partial Partial
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
9 CVE-2019-14234 89 Sql 2019-08-09 2019-08-28
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.
10 CVE-2019-13486 119 Overflow 2019-08-27 2019-08-28
7.5
None Remote Low Not required Partial Partial Partial
In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of &nbsp; expansion in svcstatus.c.
11 CVE-2019-13485 119 Overflow 2019-08-27 2019-08-28
7.5
None Remote Low Not required Partial Partial Partial
In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c.
12 CVE-2019-13484 119 Overflow 2019-08-27 2019-08-28
7.5
None Remote Low Not required Partial Partial Partial
In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of &nbsp; expansion in appfeed.c.
13 CVE-2019-13455 119 Overflow 2019-08-27 2019-08-28
7.5
None Remote Low Not required Partial Partial Partial
In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of &nbsp; expansion in acknowledge.c.
14 CVE-2019-13452 119 Overflow 2019-08-27 2019-08-28
7.5
None Remote Low Not required Partial Partial Partial
In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c.
15 CVE-2019-13451 119 Overflow 2019-08-27 2019-08-28
7.5
None Remote Low Not required Partial Partial Partial
In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c.
16 CVE-2019-13273 119 Overflow 2019-08-27 2019-09-04
7.5
None Remote Low Not required Partial Partial Partial
In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET request that triggers an sprintf of the srcdb parameter.
17 CVE-2019-13272 264 2019-07-17 2019-07-25
7.2
None Local Low Not required Complete Complete Complete
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
18 CVE-2019-13132 119 Overflow 2019-07-10 2019-07-18
7.5
None Remote Low Not required Partial Partial Partial
In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations.
19 CVE-2019-12594 284 2019-07-02 2019-07-07
7.5
None Remote Low Not required Partial Partial Partial
DOSBox 0.74-2 has Incorrect Access Control.
20 CVE-2019-12468 284 Bypass 2019-07-10 2019-07-17
7.5
None Remote Low Not required Partial Partial Partial
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.
21 CVE-2019-12046 284 2019-05-22 2019-05-24
7.5
None Remote Low Not required Partial Partial Partial
LemonLDAP::NG -2.0.3 has Incorrect Access Control.
22 CVE-2019-11766 125 2019-05-05 2019-05-07
7.5
None Remote Low Not required Partial Partial Partial
dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature.
23 CVE-2019-11500 787 Exec Code 2019-08-29 2019-09-06
7.5
None Remote Low Not required Partial Partial Partial
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
24 CVE-2019-11187 284 2019-08-15 2019-08-28
7.5
None Remote Low Not required Partial Partial Partial
Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.
25 CVE-2019-11068 284 Bypass 2019-04-10 2019-06-13
7.5
None Remote Low Not required Partial Partial Partial
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
26 CVE-2019-10086 502 2019-08-20 2019-09-02
7.5
None Remote Low Not required Partial Partial Partial
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
27 CVE-2019-9924 20 Exec Code 2019-03-22 2019-04-11
7.2
None Local Low Not required Complete Complete Complete
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
28 CVE-2019-9898 327 2019-03-21 2019-04-26
7.5
None Remote Low Not required Partial Partial Partial
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.
29 CVE-2019-9852 22 Exec Code Dir. Trav. Bypass 2019-08-15 2019-09-02
7.5
None Remote Low Not required Partial Partial Partial
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed. However this new protection could be bypassed by a URL encoding attack. In the fixed versions, the parsed url describing the script location is correctly encoded before further processing. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.
30 CVE-2019-9851 20 Exec Code 2019-08-15 2019-09-02
7.5
None Remote Low Not required Partial Partial Partial
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handlers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.
31 CVE-2019-9850 20 Exec Code Bypass 2019-08-15 2019-09-02
7.5
None Remote Low Not required Partial Partial Partial
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from script event handlers. However an insufficient url validation vulnerability in LibreOffice allowed malicious to bypass that protection and again trigger calling LibreLogo from script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.
32 CVE-2019-9641 119 Overflow 2019-03-08 2019-06-18
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.
33 CVE-2019-9631 125 2019-03-08 2019-06-27
7.5
None Remote Low Not required Partial Partial Partial
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
34 CVE-2019-9516 400 DoS 2019-08-13 2019-08-23
7.8
None Remote Low Not required None None Complete
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.
35 CVE-2019-9514 400 DoS 2019-08-13 2019-08-23
7.8
None Remote Low Not required None None Complete
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.
36 CVE-2019-9513 400 DoS 2019-08-13 2019-08-23
7.8
None Remote Low Not required None None Complete
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
37 CVE-2019-9512 400 DoS 2019-08-13 2019-08-23
7.8
None Remote Low Not required None None Complete
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
38 CVE-2019-9511 400 DoS 2019-08-13 2019-08-23
7.8
None Remote Low Not required None None Complete
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
39 CVE-2019-9023 125 2019-02-22 2019-06-18
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.
40 CVE-2019-9021 125 2019-02-22 2019-06-18
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.
41 CVE-2019-9020 125 2019-02-22 2019-06-18
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.
42 CVE-2019-8980 399 DoS 2019-02-21 2019-05-06
7.8
None Remote Low Not required None None Complete
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.
43 CVE-2019-7524 119 Overflow 2019-03-28 2019-06-13
7.2
None Local Low Not required Complete Complete Complete
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.
44 CVE-2019-7165 119 Exec Code Overflow 2019-07-03 2019-07-10
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow in DOSBox 0.74-2 allows attackers to execute arbitrary code.
45 CVE-2019-7164 89 Sql 2019-02-19 2019-05-07
7.5
None Remote Low Not required Partial Partial Partial
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
46 CVE-2019-6978 415 2019-01-28 2019-04-04
7.5
None Remote Low Not required Partial Partial Partial
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
47 CVE-2019-6339 20 Exec Code 2019-01-22 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration.
48 CVE-2019-6256 20 DoS 2019-01-14 2019-05-10
7.5
None Remote Low Not required Partial Partial Partial
A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp.
49 CVE-2019-5420 20 Exec Code 2019-03-27 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.
50 CVE-2019-5419 400 DoS 2019-03-27 2019-06-07
7.8
None Remote Low Not required None None Complete
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
Total number of vulnerabilities: 654 (page 1 of 14)