Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-10-16 CVE-2019-2977 Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot).
network
high complexity
oracle netapp debian
4.8
2019-10-16 CVE-2019-2975 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting).
network
high complexity
oracle redhat netapp debian opensuse mcafee canonical
4.8
2019-10-16 CVE-2019-2958 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries).
network
high complexity
oracle netapp opensuse debian
5.9
2019-10-16 CVE-2019-2949 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos).
network
high complexity
oracle debian netapp redhat canonical opensuse mcafee
6.8
2019-10-16 CVE-2019-11281 Cross-site Scripting vulnerability in multiple products
Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input.
4.8
2019-10-15 CVE-2017-1002201 Cross-site Scripting vulnerability in multiple products
In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly.
network
low complexity
haml debian CWE-79
6.1
2019-10-09 CVE-2019-17402 Classic Buffer Overflow vulnerability in multiple products
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.
network
low complexity
exiv2 debian canonical CWE-120
6.5
2019-10-08 CVE-2019-17349 Infinite Loop vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation.
local
low complexity
xen debian CWE-835
5.5
2019-10-08 CVE-2019-17348 Improper Input Validation vulnerability in multiple products
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.
local
low complexity
xen debian CWE-20
6.5
2019-10-08 CVE-2019-17345 An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.
local
low complexity
xen debian
6.5