Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-26 | CVE-2019-16738 | Missing Authorization vulnerability in multiple products In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup. | 5.3 |
| 2019-09-25 | CVE-2017-18635 | Cross-site Scripting vulnerability in multiple products An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. | 4.3 |
| 2019-09-24 | CVE-2019-5094 | Out-of-bounds Write vulnerability in multiple products An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. | 6.7 |
| 2019-09-24 | CVE-2019-16728 | Cross-site Scripting vulnerability in multiple products DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari. | 4.3 |
| 2019-09-23 | CVE-2019-16713 | Memory Leak vulnerability in multiple products ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. | 4.3 |
| 2019-09-23 | CVE-2019-16711 | Memory Leak vulnerability in multiple products ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. | 4.3 |
| 2019-09-23 | CVE-2019-16710 | Memory Leak vulnerability in multiple products ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. | 4.3 |
| 2019-09-23 | CVE-2019-16708 | Memory Leak vulnerability in multiple products ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. | 4.3 |
| 2019-09-19 | CVE-2019-11779 | Uncontrolled Recursion vulnerability in multiple products In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. | 6.5 |
| 2019-09-17 | CVE-2019-16394 | Information Exposure Through Discrepancy vulnerability in multiple products SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers. | 5.0 |