Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-31 | CVE-2012-6123 | Improper Input Validation vulnerability in multiple products Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack." | 5.0 |
| 2019-10-31 | CVE-2013-2012 | Improper Privilege Management vulnerability in multiple products autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory. | 4.4 |
| 2019-10-31 | CVE-2013-1951 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names. | 4.3 |
| 2019-10-31 | CVE-2010-2490 | Improper Input Validation vulnerability in multiple products Mumble: murmur-server has DoS due to malformed client query | 4.0 |
| 2019-10-31 | CVE-2009-5042 | Exposure of Resource to Wrong Sphere vulnerability in multiple products python-docutils allows insecure usage of temporary files | 6.4 |
| 2019-10-31 | CVE-2019-18424 | OS Command Injection vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. | 6.8 |
| 2019-10-31 | CVE-2019-18420 | Use of Externally-Controlled Format String vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. | 6.5 |
| 2019-10-30 | CVE-2010-0749 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame. | 5.0 |
| 2019-10-30 | CVE-2010-0747 | Incorrect Permission Assignment for Critical Resource vulnerability in Linbit Drbd8 2.6.26 drbd8 allows local users to bypass intended restrictions for certain actions via netlink packets, similar to CVE-2009-3725. | 4.6 |
| 2019-10-30 | CVE-2010-0207 | Infinite Loop vulnerability in Xpdfreader Xpdf 3.0317/3.0413/3.044 In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers. | 4.3 |