Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-11-13 CVE-2018-16471 Cross-site Scripting vulnerability in multiple products
There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11.
network
low complexity
rack-project debian CWE-79
6.1
2018-11-12 CVE-2018-19216 Use After Free vulnerability in multiple products
Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.
network
nasm debian CWE-416
6.8
2018-11-12 CVE-2018-19210 NULL Pointer Dereference vulnerability in multiple products
In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.
network
low complexity
libtiff debian canonical CWE-476
6.5
2018-11-12 CVE-2018-19206 Cross-site Scripting vulnerability in multiple products
steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment.
4.3
2018-11-12 CVE-2018-19200 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in uriparser before 0.9.0.
network
low complexity
uriparser-project debian CWE-476
5.0
2018-11-11 CVE-2018-19143 Forced Browsing vulnerability in multiple products
Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled.
network
low complexity
otrs debian CWE-425
5.5
2018-11-09 CVE-2018-19139 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
An issue has been found in JasPer 2.0.14.
4.3
2018-11-09 CVE-2018-19132 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.
4.3
2018-11-08 CVE-2018-19108 Infinite Loop vulnerability in multiple products
In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.
network
low complexity
exiv2 debian redhat canonical CWE-835
6.5
2018-11-08 CVE-2018-19107 Integer Overflow or Wraparound vulnerability in multiple products
In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.
network
low complexity
exiv2 debian redhat canonical CWE-190
6.5