Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-08 | CVE-2017-16854 | Information Exposure vulnerability in multiple products In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets. | 6.5 |
| 2017-12-07 | CVE-2017-3738 | Information Exposure vulnerability in multiple products There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. | 5.9 |
| 2017-12-07 | CVE-2017-3737 | Out-of-bounds Write vulnerability in multiple products OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. | 5.9 |
| 2017-12-07 | CVE-2017-17381 | Divide By Zero vulnerability in multiple products The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings. | 6.5 |
| 2017-12-02 | CVE-2017-17094 | Cross-site Scripting vulnerability in multiple products wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL. | 5.4 |
| 2017-12-02 | CVE-2017-17093 | Cross-site Scripting vulnerability in multiple products wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site. | 5.4 |
| 2017-12-02 | CVE-2017-17092 | Cross-site Scripting vulnerability in multiple products wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file. | 5.4 |
| 2017-12-01 | CVE-2017-16611 | Link Following vulnerability in multiple products In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files. | 5.5 |
| 2017-12-01 | CVE-2017-17087 | Exposure of Resource to Wrong Sphere vulnerability in multiple products fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382. | 5.5 |
| 2017-11-22 | CVE-2017-15099 | Information Exposure vulnerability in multiple products INSERT ... | 6.5 |