CVEdetails.com the ultimate security vulnerability data source

Debian » Debian Linux » 9.0 * * * : Security Vulnerabilities Published In 2019 (Gain Information)

CPE Name: cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2019-15902 | 200 | | +Info | 2019-09-04 | 2019-10-17 | 4.7 | None | Local | Medium | Not required | Complete | None | None
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.
2 | CVE-2019-15132 | 200 | | +Info | 2019-08-17 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.
3 | CVE-2019-12474 | | | +Info | 2019-07-10 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
4 | CVE-2019-5765 | 312 | | +Info | 2019-02-19 | 2020-08-24 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent.
5 | CVE-2019-1551 | 200 | | Overflow +Info | 2019-12-06 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None
There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).
6 | CVE-2018-16876 | 200 | | +Info | 2019-01-03 | 2021-08-04 | 3.5 | None | Remote | Medium | ??? | Partial | None | None
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensitive data.
7 | CVE-2018-12397 | 200 | | +Info | 2019-02-28 | 2019-03-01 | 3.6 | None | Local | Low | Not required | Partial | Partial | None
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.
8 | CVE-2018-8798 | 125 | | +Info | 2019-02-05 | 2019-09-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak.
9 | CVE-2018-8791 | 125 | | +Info | 2019-02-05 | 2019-09-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak.
10 | CVE-2018-6179 | 200 | | +Info | 2019-01-09 | 2019-01-16 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.
11 | CVE-2018-6164 | 200 | | +Info | 2019-01-09 | 2019-01-14 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
12 | CVE-2018-6147 | 200 | | +Info | 2019-01-09 | 2019-01-29 | 2.1 | None | Local | Low | Not required | Partial | None | None
Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process.
13 | CVE-2018-6137 | 200 | | +Info | 2019-01-09 | 2019-01-14 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
14 | CVE-2018-6117 | 200 | | +Info | 2019-01-09 | 2019-01-15 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
15 | CVE-2018-6109 | 200 | | +Info | 2019-01-09 | 2019-01-30 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page.
16 | CVE-2018-6093 | 200 | | +Info | 2019-01-09 | 2019-01-29 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
17 | CVE-2016-1000002 | 200 | | +Info | 2019-11-05 | 2020-08-18 | 2.1 | None | Local | Low | Not required | Partial | None | None
gdm3 3.14.2 and possibly later has an information leak before screen lock
18 | CVE-2015-3167 | 200 | | +Info | 2019-11-20 | 2019-11-22 | 5.0 | None | Remote | Low | Not required | Partial | None | None
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.
19 | CVE-2015-3166 | 119 | | Overflow +Info | 2019-11-20 | 2019-11-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.
20 | CVE-2013-7089 | 200 | | +Info | 2019-11-15 | 2019-11-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None
ClamAV before 0.97.7: dbg_printhex possible information leak
21 | CVE-2013-2600 | 200 | | +Info | 2019-11-01 | 2019-11-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None
MiniUPnPd has information disclosure use of snprintf()
22 | CVE-2013-1817 | 200 | | +Info | 2019-11-20 | 2019-11-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.
23 | CVE-2012-5644 | 200 | | +Info | 2019-11-25 | 2019-12-04 | 4.9 | None | Local | Low | Not required | Complete | None | None
libuser has information disclosure when moving user's home directory
24 | CVE-2012-5476 | 200 | | +Info | 2019-12-30 | 2020-01-09 | 2.1 | None | Local | Low | Not required | Partial | None | None
Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value.
25 | CVE-2012-0843 | 200 | | +Info | 2019-11-19 | 2019-11-22 | 2.1 | None | Local | Low | Not required | Partial | None | None
uzbl: Information disclosure via world-readable cookies storage file
26 | CVE-2012-0842 | 200 | | +Info | 2019-11-19 | 2019-11-20 | 2.1 | None | Local | Low | Not required | Partial | None | None
surf: cookie jar has read access from other local user
27 | CVE-2011-1934 | 200 | | +Info | 2019-11-26 | 2019-12-10 | 4.0 | None | Remote | Low | ??? | Partial | None | None
lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1.
28 | CVE-2010-2450 | 200 | | +Info | 2019-11-07 | 2019-11-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None
The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default.
Total number of vulnerabilities: 28