Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-09-04 CVE-2019-15902 Information Exposure vulnerability in multiple products
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11.
local
high complexity
linux debian opensuse netapp CWE-200
5.6
5.6
2019-09-03 CVE-2015-9383 Out-of-bounds Read vulnerability in multiple products
FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c.
network
low complexity
freetype debian canonical CWE-125
6.5
6.5
2019-09-03 CVE-2015-9382 Out-of-bounds Read vulnerability in multiple products
FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.
network
low complexity
freetype debian CWE-125
6.5
6.5
2019-08-29 CVE-2019-14534 NULL Pointer Dereference vulnerability in multiple products
In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.
local
low complexity
videolan debian CWE-476
5.5
5.5
2019-08-29 CVE-2019-15807 Memory Leak vulnerability in multiple products
In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails.
local
high complexity
linux redhat debian CWE-401
4.7
4.7
2019-08-27 CVE-2019-13274 Cross-site Scripting vulnerability in multiple products
In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter.
network
low complexity
xymon debian CWE-79
6.1
6.1
2019-08-27 CVE-2019-15666 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the Linux kernel before 5.0.19.
local
low complexity
linux debian opensuse CWE-125
4.4
4.4
2019-08-23 CVE-2019-15531 Out-of-bounds Read vulnerability in multiple products
GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.
network
low complexity
gnu debian fedoraproject CWE-125
6.5
6.5
2019-08-21 CVE-2019-13458 An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19.
network
low complexity
otrs debian
6.5
6.5
2019-08-21 CVE-2019-12746 Information Exposure vulnerability in multiple products
An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19.
network
low complexity
otrs debian CWE-200
6.5
6.5