#Vulnerabilities 3571
Date ID Summary Products Score Patch
2019-11-15 CVE-2014-0021 Chrony before 1.29.1 has traffic amplification in cmdmon protocol Chrony, Debian_linux, Fedora N/A
2019-11-25 CVE-2012-5644 libuser has information disclosure when moving user's home directory Debian_linux, Fedora, Libuser, Enterprise_linux N/A
2019-11-19 CVE-2011-4968 nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM) Debian_linux, Nginx N/A
2019-11-26 CVE-2011-3596 Polipo before suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request. Debian_linux, Polipo N/A
2019-11-26 CVE-2011-3374 It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack. Apt, Debian_linux N/A
2019-11-15 CVE-2011-2726 An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL. Debian_linux, Drupal, Fedora, Enterprise_linux N/A
2019-11-22 CVE-2014-6311 in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges. Debian_linux, Adaptive_communication_environment N/A
2019-11-21 CVE-2014-5255 xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files. Note: A different vulnerability than CVE-2014-5254. Debian_linux, Xcfa N/A
2019-11-26 CVE-2011-4350 Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL request. Debian_linux, Yaws N/A
2019-11-15 CVE-2011-0703 In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session. Debian_linux, Gksu\-Polkit N/A