Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-16 | CVE-2019-19783 | Improper Privilege Management vulnerability in multiple products An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. | 6.5 |
| 2019-12-15 | CVE-2014-8561 | Infinite Loop vulnerability in multiple products imagemagick 6.8.9.6 has remote DOS via infinite loop | 4.3 |
| 2019-12-15 | CVE-2014-4913 | Cross-site Scripting vulnerability in multiple products ZF2014-03 has a potential cross site scripting vector in multiple view helpers | 4.3 |
| 2019-12-15 | CVE-2019-19797 | Out-of-bounds Write vulnerability in multiple products read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. | 5.5 |
| 2019-12-13 | CVE-2014-3495 | Improper Certificate Validation vulnerability in multiple products duplicity 0.6.24 has improper verification of SSL certificates | 5.0 |
| 2019-12-13 | CVE-2014-2387 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities | 4.6 |
| 2019-12-12 | CVE-2018-11805 | OS Command Injection vulnerability in multiple products In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. | 6.7 |
| 2019-12-12 | CVE-2019-17358 | Deserialization of Untrusted Data vulnerability in multiple products Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. | 5.5 |
| 2019-12-11 | CVE-2013-7371 | Cross-site Scripting vulnerability in multiple products node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370) | 4.3 |
| 2019-12-11 | CVE-2013-7370 | Cross-site Scripting vulnerability in multiple products node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware | 4.3 |