Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-11-14 CVE-2011-1489 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
A memory leak in rsyslog before 5.7.6 was found in the way the daemon processed log messages when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset.
local
low complexity
rsyslog opensuse debian CWE-772
5.5
2019-11-14 CVE-2011-1488 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
A memory leak in rsyslog before 5.7.6 was found in the way the daemon processed log messages when $RepeatedMsgReduction was enabled.
local
low complexity
rsyslog opensuse debian CWE-772
5.5
2019-11-14 CVE-2011-1136 Link Following vulnerability in multiple products
In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file.
local
high complexity
tesseract-project debian CWE-59
4.7
2019-11-14 CVE-2011-0544 Cross-site Scripting vulnerability in multiple products
phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag.
network
low complexity
phpbb debian CWE-79
6.1
2019-11-13 CVE-2010-4817 Link Following vulnerability in multiple products
pithos before 0.3.5 allows overwrite of arbitrary files via symlinks.
local
low complexity
pithos-project debian CWE-59
5.5
2019-11-13 CVE-2010-4653 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.
network
low complexity
freedesktop debian CWE-190
6.5
2019-11-13 CVE-2010-4532 Improper Certificate Validation vulnerability in multiple products
offlineimap before 6.3.2 does not validate the SSL server certificate when the "ssl = yes" option is specified, which can allow man-in-the-middle attacks.
network
high complexity
debian offlineimap CWE-295
5.9
2019-11-13 CVE-2012-4385 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
letodms 3.3.6 has CSRF via the change password function.
network
low complexity
trilexnet debian CWE-352
6.5
2019-11-13 CVE-2012-4384 Cross-site Scripting vulnerability in multiple products
letodms has multiple XSS issues: reflected XSS in the login page, stored XSS in the document owner/user name, and stored XSS in the calendar.
network
low complexity
trilexnet debian CWE-79
6.1
2019-11-12 CVE-2010-3440 Download of Code Without Integrity Check vulnerability in multiple products
babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files.
local
low complexity
babiloo-project debian CWE-494
5.5