Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-21 | CVE-2019-14907 | Out-of-bounds Read vulnerability in multiple products All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. | 6.5 |
| 2020-01-21 | CVE-2019-14902 | There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers. | 5.4 |
| 2020-01-16 | CVE-2020-7039 | Out-of-bounds Write vulnerability in multiple products tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. | 6.8 |
| 2020-01-16 | CVE-2019-18282 | Use of Insufficiently Random Values vulnerability in multiple products The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. | 5.0 |
| 2020-01-16 | CVE-2020-7106 | Cross-site Scripting vulnerability in multiple products Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). | 6.1 |
| 2020-01-16 | CVE-2020-7045 | NULL Pointer Dereference vulnerability in multiple products In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. | 6.5 |
| 2020-01-15 | CVE-2019-15961 | Resource Exhaustion vulnerability in multiple products A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. | 6.5 |
| 2020-01-15 | CVE-2020-2659 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). | 4.3 |
| 2020-01-15 | CVE-2020-2655 | Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). | 5.8 |
| 2020-01-15 | CVE-2020-2654 | Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). | 4.3 |