Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-11-06 CVE-2009-5046 Cross-site Scripting vulnerability in multiple products
JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22.
network
low complexity
eclipse debian CWE-79
6.1
6.1
2019-11-06 CVE-2009-5049 Cross-site Scripting vulnerability in multiple products
WebApp JSP Snoop page XSS in jetty though 6.1.21.
network
low complexity
mortbay debian CWE-79
6.1
6.1
2019-11-06 CVE-2010-2471 Open Redirect vulnerability in multiple products
Drupal versions 5.x and 6.x has open redirection
network
low complexity
drupal debian CWE-601
6.1
6.1
2019-11-06 CVE-2011-4900 Information Exposure vulnerability in multiple products
TYPO3 before 4.5.4 allows Information Disclosure in the backend.
network
low complexity
typo3 debian CWE-200
6.5
6.5
2019-11-05 CVE-2019-5068 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2.
local
low complexity
mesa3d opensuse debian canonical CWE-732
4.4
4.4
2019-11-05 CVE-2013-5123 Improper Authentication vulnerability in multiple products
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
network
high complexity
pypa virtualenv fedoraproject redhat debian CWE-287
5.9
5.9
2019-11-05 CVE-2010-3674 Cross-site Scripting vulnerability in multiple products
TYPO3 before 4.4.1 allows XSS in the frontend search box.
network
low complexity
typo3 debian CWE-79
6.1
6.1
2019-11-05 CVE-2013-6275 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.
network
low complexity
horde debian CWE-352
6.5
6.5
2019-11-05 CVE-2013-6461 XML Entity Expansion vulnerability in multiple products
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
network
low complexity
nokogiri debian redhat CWE-776
6.5
6.5
2019-11-05 CVE-2013-6460 XML Entity Expansion vulnerability in multiple products
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
network
low complexity
nokogiri debian redhat CWE-776
6.5
6.5