Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-13 | CVE-2018-16471 | Cross-site Scripting vulnerability in multiple products There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. | 6.1 |
| 2018-11-12 | CVE-2018-19210 | NULL Pointer Dereference vulnerability in multiple products In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset. | 6.5 |
| 2018-11-12 | CVE-2018-19206 | Cross-site Scripting vulnerability in multiple products steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment. | 6.1 |
| 2018-11-11 | CVE-2018-19143 | Forced Browsing vulnerability in multiple products Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled. | 6.5 |
| 2018-11-11 | CVE-2018-19141 | Cross-site Scripting vulnerability in multiple products Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled. | 4.8 |
| 2018-11-09 | CVE-2018-19139 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products An issue has been found in JasPer 2.0.14. | 5.5 |
| 2018-11-09 | CVE-2018-19132 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet. | 5.9 |
| 2018-11-08 | CVE-2018-19108 | Infinite Loop vulnerability in multiple products In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file. | 6.5 |
| 2018-11-08 | CVE-2018-19107 | Integer Overflow or Wraparound vulnerability in multiple products In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file. | 6.5 |
| 2018-11-07 | CVE-2018-19058 | Always-Incorrect Control Flow Implementation vulnerability in multiple products An issue was discovered in Poppler 0.71.0. | 6.5 |