Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-12-10 CVE-2019-13740 Origin Validation Error vulnerability in multiple products
Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
network
low complexity
google debian fedoraproject redhat CWE-346
6.5
2019-12-10 CVE-2019-13739 Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
network
low complexity
google debian fedoraproject redhat
6.5
2019-12-10 CVE-2019-13738 Improper Privilege Management vulnerability in multiple products
Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page.
network
low complexity
google debian fedoraproject redhat CWE-269
6.5
2019-12-10 CVE-2019-13737 Information Exposure vulnerability in multiple products
Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
network
low complexity
google debian fedoraproject redhat CWE-200
6.5
2019-12-10 CVE-2016-1000108 Open Redirect vulnerability in multiple products
yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
network
low complexity
yaws debian CWE-601
6.1
2019-12-10 CVE-2013-4184 Link Following vulnerability in multiple products
Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks
local
low complexity
data debian CWE-59
5.5
2019-12-06 CVE-2019-1551 Integer Overflow or Wraparound vulnerability in multiple products
There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli.
5.3
2019-12-05 CVE-2012-1115 Cross-site Scripting vulnerability in multiple products
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.
6.1
2019-12-05 CVE-2012-1114 Cross-site Scripting vulnerability in multiple products
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action.
6.1
2019-12-05 CVE-2012-1105 Information Exposure vulnerability in multiple products
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory.
local
low complexity
apereo fedoraproject debian CWE-200
5.5