Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
debian debian linux 9.0 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-20041
wp_kses_bad_protocol in wp-includes/kses.php in WordPress prior to 5.3.1 mishandles the HTML5 colon named entity, allowing malicious users to bypass input sanitization, as demonstrated by the javascript: substring.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
5
CVSSv2
CVE-2019-12420
In Apache SpamAssassin prior to 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.
Apache Spamassassin
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2010-4653
An integer overflow condition in poppler prior to 0.16.3 can occur when parsing CharCodes for fonts.
Freedesktop Poppler
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
7.5
CVSSv2
CVE-2017-14062
Integer overflow in the decode_digit function in puny_decode.c in Libidn2 prior to 2.0.4 allows remote malicious users to cause a denial of service or possibly have unspecified other impact.
Gnu Libidn2
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
2.1
CVSSv2
CVE-2021-28713
Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically re...
Xen Xen -
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv2
CVE-2011-4120
Yubico PAM Module prior to 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authent...
Yubico Pam Module
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
6.8
CVSSv2
CVE-2018-5702
Transmission up to and including 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote malicious users to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transm...
Transmissionbt Transmission
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
1 EDB exploit
7.5
CVSSv2
CVE-2019-17669
WordPress prior to 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
7.5
CVSSv2
CVE-2019-17670
WordPress prior to 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
6.8
CVSSv2
CVE-2019-17675
WordPress prior to 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »