Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-02 | CVE-2017-17092 | Cross-site Scripting vulnerability in multiple products wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file. | 5.4 |
| 2017-12-01 | CVE-2017-16611 | Link Following vulnerability in multiple products In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files. | 5.5 |
| 2017-12-01 | CVE-2017-17087 | Exposure of Resource to Wrong Sphere vulnerability in multiple products fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382. | 5.5 |
| 2017-11-22 | CVE-2017-15099 | Information Exposure vulnerability in multiple products INSERT ... | 6.5 |
| 2017-11-20 | CVE-2017-3157 | Information Exposure vulnerability in multiple products By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. | 5.5 |
| 2017-11-15 | CVE-2017-8812 | MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline. | 5.3 |
| 2017-11-15 | CVE-2017-8811 | Improper Input Validation vulnerability in multiple products The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks. | 6.1 |
| 2017-11-15 | CVE-2017-8808 | Cross-site Scripting vulnerability in multiple products MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping. | 6.1 |
| 2017-11-13 | CVE-2017-16804 | Information Exposure vulnerability in multiple products In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages. | 4.3 |
| 2017-11-04 | CVE-2017-16541 | Information Exposure vulnerability in multiple products Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. | 6.5 |